- Dashlane disclosed a brute-force attack where encrypted vaults for fewer than 20 personal plan users were downloaded.
- The attack, launched on May 31, 2026, aimed to bypass two-factor authentication to register new devices on accounts.
- Despite the breach, the data remains protected by Master Passwords, and the company’s internal systems were not impacted.
- Users are advised to review registered devices, enable 2FA, and ensure their Master Password is strong and unique.
In a recent security incident, password manager Dashlane confirmed on June 2, 2026, that an external threat actor successfully executed a brute-force attack against a limited number of user accounts. This breach specifically targeted accounts on the personal subscription plan to circumvent two-factor authentication protections.
On May 31, 2026, the company said the attack aimed to allow the registration of new devices on existing user accounts. Consequently, a high volume of attempts triggered temporary account suspensions and authentication issues for an unknown number of targeted users, according to user reports.
Although access was restored, Dashlane now reveals attackers downloaded encrypted vaults belonging to “fewer than” 20 personal plan users. The company said it has directly notified all affected individuals.
Importantly, the stolen vault data cannot be accessed without the user’s Master Password. Dashlane emphasized that unless this password is trivial, cracking the vault is unlikely, and its internal systems were not impacted.
As a precaution, users should review registered devices and remove unrecognized ones. They are also advised to enable 2FA and use a Master Password that is “long, unique, and difficult to guess.”
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
