Dashlane explains how attackers managed to download encrypted password vaults
Summary
Dashlane reported that hackers tried to access many users' encrypted password vaults by exploiting the device-adding feature. The attack affected fewer than 20 user accounts before Dashlane stopped it, and the company has informed those users.Key Facts
- Attackers targeted Dashlane’s system to add new devices to users’ accounts and download password vaults.
- The hackers used automated requests (a brute force method) to guess verification codes sent to users’ emails.
- Dashlane’s security system locked accounts automatically when suspicious activity was detected.
- The attack started on Sunday and was stopped after fewer than 20 vaults were downloaded.
- Even if hackers downloaded vaults, they still need the master password to read the stored data.
- Dashlane uses Argon2, a complex code that makes cracking the master password very slow and difficult.
- Dashlane has contacted all users affected by the attack.
- Users who have not received alerts are not impacted by this breach.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.