Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Published:

2 juni 2026 om 03:55:25

Alert date:

2 juni 2026 om 06:00:35

Source:

thehackernews.com

Identity & Access, Data Breach & Exfiltration

Password manager Dashlane disclosed a security incident where fewer than 20 personal subscription users had their encrypted vaults downloaded. The breach occurred on May 31, 2026, when an external threat actor launched a brute-force attack targeting Dashlane user accounts. The attack specifically aimed at breaking two-factor authentication (2FA) protections. Only users on personal subscription plans were affected by the vault downloads. The incident represents a significant security concern for password manager users and highlights vulnerabilities in 2FA implementations.

Technical details

External threat actor launched brute-force attack on May 31, 2026 against Dashlane user accounts targeting two-factor authentication (2FA) protections to register new devices on existing user accounts. High volume of attempts triggered temporary account suspensions and authentication issues. Attackers successfully downloaded encrypted vaults of fewer than 20 personal plan users. Vault data cannot be accessed without Master Password. Dashlane's internal systems were not compromised.

Mitigation steps:

Review devices registered to accounts and remove unrecognized devices, enable 2FA, use a strong Master Password that is long, unique, and difficult to guess

Affected products:

Dashlane password manager (personal subscription plan)

Related CVE's:

Related threat actors:

External threat actor (unknown party)

IOC's:

This article was created with the assistance of AI technology by Perceptive.