CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 05, 2026

Attackers obtained encrypted password vaults from some Dashlane user accounts

Help Net Security Archived Jun 05, 2026 ✓ Full text saved

Dashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no evidence that the attackers compromised its internal systems. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experiencing login problems. “Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn’

Full text archived locally
✦ AI Summary · Claude Sonnet


    Sinisa Markovic, Senior Staff Writer, Help Net Security June 5, 2026 Share Attackers obtained encrypted password vaults from some Dashlane user accounts Dashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no evidence that the attackers compromised its internal systems. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experiencing login problems. “Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn’t enter the correct token after several tries,” the emails read, instructing affected users to contact customer support to restore access. Shortly after, Dashlane launched an investigation into reports from users who had received account suspension notifications and were experiencing difficulties logging in after resetting their master passwords. According to Dashlane, the threat actor targeted API endpoints used for device registration and launched a high volume of automated requests in an attempt to gain access to user accounts. The company said its automated security systems responded by locking targeted accounts to protect affected users. “Before the attack was fully mitigated, the threat actor was able to brute force and generate valid tokens for fewer than 20 personal plan customers, allowing them to register a new device on those accounts and download copies of users’ encrypted vaults,” Dashlane stated. The advisory notes that the copied vaults remain encrypted and require the user’s master password to unlock. However, stolen vaults can still be subjected to offline password-cracking attempts, making the strength of a user’s master password a key factor in limiting the risk of exposure. “We have contacted the very limited number of customers whose vaults were impacted. In those few cases, the attackers were only able to copy the encrypted vault, which requires the master password to unlock.” Following the incident, Dashlane said it deployed additional protections at the network and product levels to detect and filter malicious traffic. The company is also adding verification steps to the device registration process. The company’s handling of the outage drew criticism on Reddit, where some users complained that Dashlane had provided little information while the issue was unfolding. Earlier this year, researchers at ETH Zurich and the Università della Svizzera italiana identified design weaknesses in several major password managers, including Dashlane. While unrelated to the recent brute-force attack, the researchers demonstrated scenarios in which a compromise of a provider’s infrastructure could expose or modify data stored in encrypted vaults. The risks associated with stolen password vaults can also persist long after an incident. TRM Labs warned that encrypted vault backups stolen during the 2022 LastPass breach were still being cracked using weak Master Passwords, enabling cryptocurrency thefts as late as 2025. More about breach Dashlane data breach encryption Share
    💬 Team Notes
    Article Info
    Source
    Help Net Security
    Category
    ◇ Industry News & Leadership
    Published
    Jun 05, 2026
    Archived
    Jun 05, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗