Overview
- Dashlane confirmed that an automated brute-force campaign attempted to defeat two-factor authentication to register devices and access accounts.
- The company says the attack began on May 31 and its automated defenses temporarily suspended targeted accounts to block the activity.
- Dashlane disclosed that attackers downloaded copies of encrypted vaults for fewer than 20 personal-plan users and that those users have been directly notified.
- The firm maintains there is no evidence its internal systems were compromised and that vault data cannot be opened without each user’s master password.
- Dashlane says it has taken unspecified mitigation steps and moved the incident status to monitoring while some users continue to report access and communication problems.