Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks
Cybersecurity NewsArchived Jun 02, 2026✓ Full text saved
Dashlane has disclosed a security incident involving a large-scale brute-force attack targeting user accounts, beginning on May 31, 2026. According to the company, an external threat actor attempted to bypass two-factor authentication (2FA) protections by repeatedly guessing authentication codes to register unauthorized devices on victims’ accounts. The attack triggered automated security defenses, resulting in multiple […] The post Dashlane Password Manager User Accounts Locked Following Brute-
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks
By Abinaya
June 2, 2026
Dashlane has disclosed a security incident involving a large-scale brute-force attack targeting user accounts, beginning on May 31, 2026.
According to the company, an external threat actor attempted to bypass two-factor authentication (2FA) protections by repeatedly guessing authentication codes to register unauthorized devices on victims’ accounts.
The attack triggered automated security defenses, resulting in multiple user accounts being temporarily locked. The high volume of login attempts prompted Dashlane’s protective systems to automatically suspend affected accounts as a precautionary measure.
This response was designed to prevent unauthorized access and stop attackers from progressing further in their attempts.
Dashlane Accounts Locked
Dashlane confirmed that its internal security teams were immediately alerted and launched an investigation while implementing mitigation measures to contain the activity.
As a result of the incident, several users experienced temporary disruptions, including being unable to log in or add new devices.
Dashlane has since restored access to all impacted accounts and confirmed that normal operations have resumed. The company emphasized that these account lockouts were part of its defensive strategy rather than evidence of successful compromise.
However, the investigation revealed that attackers managed to download encrypted vault data belonging to fewer than 20 users on personal plans.
Dashlane stated that all affected individuals have been directly notified. Importantly, the company clarified that users who did not receive a notification are not impacted by this data exposure.
Dashlane reassured users that the stolen vault data remains strongly protected due to its zero-knowledge encryption model. Vault contents are encrypted using the user’s Master Password, which is never stored or transmitted to Dashlane servers.
Without access to this password, decrypting the vault is considered computationally impractical, even with extended brute-force efforts.
The company also confirmed that there is no evidence suggesting a breach of its internal infrastructure. The attack was limited to external authentication attempts rather than exploitation of backend systems or vulnerabilities within Dashlane’s core platform.
In response to the incident, Dashlane has blocked malicious traffic sources and reinforced its security controls. Additional safeguards have been implemented to detect and mitigate similar attack patterns in the future.
The company stated that it continues to enhance its resilience against evolving threats while maintaining a focus on user privacy and account protection.
Dashlane noted that its investigation remains ongoing and that further updates will be shared if new findings emerge. A clarification regarding the nature of the attack was also issued after the initial advisory to ensure accurate communication.
This incident highlights the growing sophistication of brute-force campaigns targeting password managers and reinforces the importance of strong authentication practices, including robust master passwords and vigilant monitoring of account activity.
Free Webinar on OWASP API Top 10 and Guide to Close Visibility Gaps With WAAP
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Critical Magento Cache Plugin Vulnerability Enables Remote Code Execution Attacks
Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files
Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild
Hackers Use Fake ChatGPT and Claude Installers to Deploy DinDoor Backdoor
New Zapocalypse Attack Chain Enables Full Zapier Account Takeover
Latest News
Cyber Security News
Critical WP Maps Pro Vulnerability Allow Attackers to Create Administrator Account
Cyber Security
Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
Cyber Security News
IBM WebSphere Server Vulnerable to Remote Code Execution Attack Via Crafted Request
Cyber Security News
Critical Magento Cache Plugin Vulnerability Enables Remote Code Execution Attacks
Cyber Security News
Critical MCP Toolbox Vulnerability Impacts Enterprise Database onnectors