Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Summary
Password manager Dashlane has reported a brute-force attack that resulted in the encrypted vaults of fewer than 20 personal plan users being downloaded. The attack, which occurred on May 31, 2026, targeted the company's two-factor authentication (2FA) system.
IFF Assessment
FOE
This incident involves a successful attack against user credentials and data, representing a negative development for defenders and users of the affected service.
Defender Context
This incident highlights the ongoing threat of brute-force attacks, even against services that employ multi-factor authentication. Defenders should remain vigilant about credential stuffing and brute-force attempts, and users should be encouraged to use strong, unique passwords and robust MFA methods.