CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 05, 2026

Dashlane Details How Hackers Managed to Download Encrypted Password Vaults

Cybersecurity News Archived Jun 05, 2026 ✓ Full text saved

Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal systems. Beginning Sunday, May 31, 2026, an external threat actor launched a high-volume brute-force campaign […] The post Dashlane Details How Hackers Managed to Download Encrypted Password V

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security Dashlane Details How Hackers Managed to Download Encrypted Password Vaults By Guru Baran June 5, 2026 Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal systems. Beginning Sunday, May 31, 2026, an external threat actor launched a high-volume brute-force campaign targeting Dashlane user accounts. The attacker focused specifically on the platform’s device registration API endpoints, flooding them with automated requests designed to guess the 6-digit one-time tokens sent via email or generated by authenticator apps. Dashlane’s automated security controls responded as intended, triggering account lockouts across targeted accounts before the attack was fully contained. The threat actor exploited Dashlane’s device registration flow, which is triggered whenever a user adds a new device, such as a mobile phone or computer, to their account. Upon successful 2FA verification, Dashlane registers the device and automatically downloads a copy of the encrypted vault to that device. By brute-forcing valid 6-digit tokens for a subset of accounts, attackers were able to complete the registration flow, effectively authorizing the device and downloading encrypted vault copies without the account holder’s knowledge. Fewer than 20 personal plan users had their encrypted vaults exfiltrated. All affected users were directly notified by Dashlane. Despite the vault downloads, Dashlane maintains that the stolen data remains effectively inaccessible. Vault contents are protected by the user’s Master Password, which is never transmitted to Dashlane servers in plaintext and is never stored a core principle of Dashlane’s zero-knowledge architecture. The encryption stack Argon2 + AES-256-CBC + HMAC-SHA256 makes brute-forcing the Master Password statistically infeasible even over extended timeframes. There is no evidence that Dashlane’s internal infrastructure was compromised at any point during the incident. On June 4, 2026, Dashlane announced the completion of its investigation, confirming no additional customer impact. Remediation steps included: Blocking malicious traffic at the network level. Reactivating suspended and locked-out user accounts. Deploying additional verification layers to the device registration flow. Hardening API endpoint protections to detect and filter future malicious traffic. The incident underscores that even robust password managers can be targeted at the authentication perimeter rather than the encryption layer itself, making strong 2FA configuration and Master Password hygiene critical defensive controls for all users. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Comodo Internet Security 0-Day Vulnerability Lets Attacker Crash the User’s Windows System Critical WP Maps Pro Vulnerability Allow Attackers to Create Administrator Account Microsoft Investigates MFA Setup Failure and MySigns-In Portal Outage HazyBeacon Camapign Weaponizes Amazon Web Services for Stealthy Communications GREYVIBE Hackers Leverage ChatGPT and Google Gemini to Fuel Cyberattacks Latest News Cyber Security News HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration Cyber Security News Hackers Impersonate Ghidra, dnSpy, and SpiderFoot to Spread Malware via Fake Download Sites Cyber Security News binding.gyp Supply Chain Attack Compromises Dozens of npm Packages Across Maintainer Accounts Cyber Security News Hackers Use Malicious Ads to Deliver FlutterShell Backdoor on macOS Systems Cyber Security News Hackers Use Fake Claude Code Install Page to Deliver Fileless .NET Infostealer
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 05, 2026
    Archived
    Jun 05, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗