This happened to me too (from a NordVPN IP). I presume someone is spamming Bitwarden with login credentials they found in some stolen database. It’s possible that Bitwarden had a database breach but that’s very unlikely.
I would not recommend ever changing credentials while under attack, unless they are known to be weak (but the time to change them is before the attack, in that case). The process of changing them opens up several vectors of attack. Additionally, if the attacker already obtained the encrypted payload, it would only be harmful to give them the same data encrypted under a new key.
And yes, if I had a Bitwarden vault I wanted to crack I'd absolutely be using the web account login page. The latter is more likely to have some vulnerability than the at-rest encryption, which when exploited would yield the password; or it could scare the target into falling into my PITM attack, or otherwise acting irrationally.
What type of vulnerability could the web interface have that the offline password file wouldn't? Unless they have a backdoor. The speed difference would also be tens or millions of times faster.
I don't use that service. Do you have two-factor authentication? If not, you should really consider using it. 2FA is a major security upgrade for any account.
I had problems with their 2FA where the code would come via SMS but be rejected. I was able to recover via email but it was distressing. Do they have OTP service now?
Depending on your threat model, I suggest using a unique email address to register your password manager account. Harden that email account and set up email forwards if it's separate or just give the password manager a unique name for your catch-all email address (I believe iCloud offers something similar to this as well).