Dashlane issues opaque advisory warning 20 encrypted vaults were stolen
Summary
Password manager Dashlane said hackers used a brute-force attack to try to bypass two-factor authentication on some user accounts. The company reported that fewer than 20 encrypted user vaults were stolen but has not provided full details about how the attack happened.Key Facts
- Dashlane experienced a brute-force attack starting May 31, 2026, targeting user accounts' two-factor authentication (2FA).
- The attackers aimed to bypass 2FA to add new devices to user accounts.
- Around 20 encrypted user vaults were accessed by the attackers.
- Dashlane locked accounts targeted by the attack due to many login attempts.
- Users received 2FA requests that caused confusion, and Dashlane did not initially explain the situation clearly.
- The attack might have involved 2FA methods like push notifications, which require user approval on their devices.
- Brute-forcing 2FA codes is difficult because codes change frequently and there are many possible combinations.
- Dashlane contacted the affected users but has not shared full information on how the first authentication factor was broken.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.