Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Summary of Dashlane Security Breach

Dashlane, a popular password management service, recently disclosed a security breach resulting from a brute-force attack in which an unknown actor targeted certain user accounts. The attack aimed to bypass two-factor authentication and compromise accounts. While the exact number of impacted users is undisclosed, Dashlane confirmed that the attackers successfully accessed the encrypted vaults of fewer than 20 users on their personal subscription plan. The breach activated Dashlane’s security mechanisms, resulting in temporary suspensions and authentication issues. Although account access has been restored, impacted individuals have been directly notified. The encrypted vaults remain secure as they require the Master Password to access, which is highly secure unless trivially simple. As a precaution, Dashlane recommends users verify registered devices and enforce the use of strong passwords and two-factor authentication.

Key Points:

Dashlane disclosed a brute-force attack targeting a small but unspecified number of personal subscription accounts.
The breach allowed attackers to access encrypted vaults for fewer than 20 users.
Dashlane assured users not to worry unless they received a specific notification from the company.
The Master Password remains secure unless extremely simple or predictable.
Dashlane emphasized the importance of device verification, 2FA, and using strong, unique passwords.