top of page
perceptive_background_267k.jpg

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Published:

2 June 2026 at 03:55:25

Alert date:

2 June 2026 at 06:00:35

Source:

thehackernews.com

Click to open the original link from this advisory

Identity & Access, Data Breach & Exfiltration

Password manager Dashlane disclosed a security incident where fewer than 20 personal subscription users had their encrypted vaults downloaded. The breach occurred on May 31, 2026, when an external threat actor launched a brute-force attack targeting Dashlane user accounts. The attack specifically aimed at breaking two-factor authentication (2FA) protections. Only users on personal subscription plans were affected by the vault downloads. The incident represents a significant security concern for password manager users and highlights vulnerabilities in 2FA implementations.

Technical details

External threat actor launched brute-force attack on May 31, 2026 against Dashlane user accounts targeting two-factor authentication (2FA) protections to register new devices on existing user accounts. High volume of attempts triggered temporary account suspensions and authentication issues. Attackers successfully downloaded encrypted vaults of fewer than 20 personal plan users. Vault data cannot be accessed without Master Password. Dashlane's internal systems were not compromised.

Mitigation steps:

Review devices registered to accounts and remove unrecognized devices, enable 2FA, use a strong Master Password that is long, unique, and difficult to guess

Affected products:

Dashlane password manager (personal subscription plan)

Related links:

https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html#:~:text=Dashlane%20Warns%20of%20Brute%2DForce%20Attack
https://status.dashlane.com/pages/incident/5aabcb89fccc4b04d3774443/6a1c519ceac9dc05ffa1f526
https://www.reddit.com/r/Dashlane/comments/1tt3inb/email_saying_someone_logged_into_my_account/
https://www.reddit.com/r/Dashlane/comments/1tsup4p/account_suspended_phishing_email/
https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page