Dashlane says it temporarily locked some customer accounts after attackers repeatedly tried to register new devices and failed the required verification step. The company said the activity began Sunday, triggered automatic protections, and later moved to monitoring after restoring affected accounts. Dashlane said its internal systems were not compromised, but did not disclose how many users were hit or whether any account takeovers succeeded.
Why it matters: Password managers hold access to many other accounts, so even unsuccessful attacks are high-impact for users. Dashlane customers should verify recent login alerts, ensure multi-factor authentication is working, and contact support if their account was suspended or shows unfamiliar device activity.
Eduard Kovacs
2026.06.02
97% relevant
This is the same underlying Dashlane brute-force campaign and adds the key impact detail that attackers successfully compromised some accounts and downloaded fewer than 20 encrypted personal-plan vaults after brute-forcing 2FA codes to register devices.
info@thehackernews.com (The Hacker News)
2026.06.02
98% relevant
This appears to be the same Dashlane brute-force incident and adds a key update: attackers were able to download encrypted password vaults for fewer than 20 users, refining the scope and impact beyond the earlier account suspensions.
Bill Toulas
2026.06.01
99% relevant
This article is a direct report on the same Dashlane incident, adding vendor confirmation that an external party targeted certain accounts in brute-force attacks, that suspensions were part of built-in protections, and that affected accounts were later unsuspended while additional safeguards were being implemented.
2026.06.01
100% relevant
This article appears to be the first tracked report of Dashlane suspending user accounts in response to an ongoing brute-force campaign targeting customer logins and device registration.
← Back to all stories