Password manager Dashlane has revealed that fewer than 20 users of its personal subscription plans had their encrypted vaults downloaded following a brute force attack by an unknown party.
On May 31, 2026, the company announced that an “external” attacker launched a brute force attack against certain Dashlane user accounts in an attempt to defeat two-factor authentication (2FA) protections and allow new devices to be registered to existing user accounts.
It’s unclear exactly how many users were targeted, but Dashlane said the high volume of attempts against these accounts resulted in account suspensions and authentication issues through built-in security controls.
Access to the account has since been restored, but the company said the attackers were successful in a small number of cases and were able to download copies of encrypted vaults owned by fewer than 20 individual plan users.
“We have notified each of these users directly.” “If you are a Dashlane user and have not yet received a message from Dashlane regarding Vault risk, your Dashlane account will not be affected.”
Please note that you cannot access your vault data without your master password. Unless this password is simple and predictable, attempts to break into the safe are unlikely to be successful. Dashlane also noted that its internal systems were not affected by this incident.
As a precaution, users are encouraged to review the devices registered to their accounts, remove any devices they don’t recognize, enable 2FA, and use a strong master password that is “long, unique, and difficult to guess.”
Source link
