Dashlane Reports Brute-Force Attack: Encrypted Vaults of Select Users Accessed
On May 31, 2026, Dashlane, a prominent password management service, identified a brute-force attack targeting a subset of its personal subscription users. The attack aimed to bypass two-factor authentication (2FA) and register unauthorized devices to existing accounts.
The company observed a significant number of login attempts on certain accounts, triggering its security protocols. These measures led to temporary account suspensions and authentication challenges, effectively mitigating the attack’s broader impact.
Despite these defenses, the attackers succeeded in downloading encrypted vaults from fewer than 20 personal plan users. Dashlane has directly informed the affected individuals. Users who have not received such communication are considered unaffected.
The integrity of the encrypted vaults remains intact, as access requires the user’s Master Password. Unless these passwords are weak or easily guessable, unauthorized decryption is improbable. Dashlane confirmed that its internal systems were not compromised during this incident.
In response, Dashlane advises all users to:
– Review and remove unrecognized devices linked to their accounts.
– Ensure 2FA is activated.
– Utilize a robust Master Password that is lengthy, unique, and challenging to predict.
This event underscores the importance of maintaining strong, unique passwords and enabling 2FA to enhance account security.
