CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 02, 2026

Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks

Cybersecurity News Archived Jun 02, 2026 ✓ Full text saved

Dashlane has disclosed a security incident involving a large-scale brute-force attack targeting user accounts, beginning on May 31, 2026. According to the company, an external threat actor attempted to bypass two-factor authentication (2FA) protections by repeatedly guessing authentication codes to register unauthorized devices on victims’ accounts. The attack triggered automated security defenses, resulting in multiple […] The post Dashlane Password Manager User Accounts Locked Following Brute-

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks By Abinaya June 2, 2026 Dashlane has disclosed a security incident involving a large-scale brute-force attack targeting user accounts, beginning on May 31, 2026. According to the company, an external threat actor attempted to bypass two-factor authentication (2FA) protections by repeatedly guessing authentication codes to register unauthorized devices on victims’ accounts. The attack triggered automated security defenses, resulting in multiple user accounts being temporarily locked. The high volume of login attempts prompted Dashlane’s protective systems to automatically suspend affected accounts as a precautionary measure. This response was designed to prevent unauthorized access and stop attackers from progressing further in their attempts. Dashlane Accounts Locked Dashlane confirmed that its internal security teams were immediately alerted and launched an investigation while implementing mitigation measures to contain the activity. As a result of the incident, several users experienced temporary disruptions, including being unable to log in or add new devices. Dashlane has since restored access to all impacted accounts and confirmed that normal operations have resumed. The company emphasized that these account lockouts were part of its defensive strategy rather than evidence of successful compromise. However, the investigation revealed that attackers managed to download encrypted vault data belonging to fewer than 20 users on personal plans. Dashlane stated that all affected individuals have been directly notified. Importantly, the company clarified that users who did not receive a notification are not impacted by this data exposure. Dashlane reassured users that the stolen vault data remains strongly protected due to its zero-knowledge encryption model. Vault contents are encrypted using the user’s Master Password, which is never stored or transmitted to Dashlane servers. Without access to this password, decrypting the vault is considered computationally impractical, even with extended brute-force efforts. The company also confirmed that there is no evidence suggesting a breach of its internal infrastructure. The attack was limited to external authentication attempts rather than exploitation of backend systems or vulnerabilities within Dashlane’s core platform. In response to the incident, Dashlane has blocked malicious traffic sources and reinforced its security controls. Additional safeguards have been implemented to detect and mitigate similar attack patterns in the future. The company stated that it continues to enhance its resilience against evolving threats while maintaining a focus on user privacy and account protection. Dashlane noted that its investigation remains ongoing and that further updates will be shared if new findings emerge. A clarification regarding the nature of the attack was also issued after the initial advisory to ensure accurate communication. This incident highlights the growing sophistication of brute-force campaigns targeting password managers and reinforces the importance of strong authentication practices, including robust master passwords and vigilant monitoring of account activity. Free Webinar on OWASP API Top 10 and Guide to Close Visibility Gaps With WAAP Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Critical Magento Cache Plugin Vulnerability Enables Remote Code Execution Attacks Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild Hackers Use Fake ChatGPT and Claude Installers to Deploy DinDoor Backdoor New Zapocalypse Attack Chain Enables Full Zapier Account Takeover Latest News Cyber Security News Critical WP Maps Pro Vulnerability Allow Attackers to Create Administrator Account Cyber Security Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts Cyber Security News IBM WebSphere Server Vulnerable to Remote Code Execution Attack Via Crafted Request Cyber Security News Critical Magento Cache Plugin Vulnerability Enables Remote Code Execution Attacks Cyber Security News Critical MCP Toolbox Vulnerability Impacts Enterprise Database onnectors
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 02, 2026
    Archived
    Jun 02, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗