Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

SAN FRANCISCO — Password management platform Dashlane has disclosed a cybersecurity incident in which attackers successfully downloaded encrypted password vaults from a small number of customer accounts following a targeted brute-force campaign.

The company said the attack was aimed at bypassing two-factor authentication (2FA) protections and registering unauthorized devices on existing user accounts. While the majority of attempts were blocked by Dashlane’s security systems, a limited number of accounts were affected.

Fewer Than 20 Accounts Impacted

According to Dashlane, fewer than 20 users subscribed to its personal plans had copies of their encrypted vaults downloaded by the attackers.

The company stated that all affected customers have been directly notified and provided with guidance on securing their accounts. Dashlane emphasized that users who did not receive a notification are not believed to be impacted by the incident.

Security controls within the platform detected unusually high login activity during the attack, triggering temporary account lockouts and authentication disruptions that helped limit the scope of the intrusion.

Encrypted Data Remains Protected

Although attackers obtained encrypted vault files in a small number of cases, Dashlane stressed that the stolen data remains protected by each user’s Master Password.

The company explained that vault contents cannot be viewed without successfully decrypting the files using the correct Master Password. Strong and unique passwords significantly reduce the likelihood that attackers will be able to access stored credentials.

Cybersecurity experts generally note that encrypted password vaults are designed to remain secure even if copied by unauthorized parties, provided strong encryption standards and robust master passwords are in place.

Internal Systems Not Breached

Dashlane said its internal infrastructure, production systems, and backend services were not compromised during the attack. The incident appears to have been limited to targeted user accounts rather than a breach of the company’s core systems.

The disclosure suggests that attackers focused on credential-based attacks against individual users rather than exploiting vulnerabilities within Dashlane’s platform.

Users Encouraged to Review Security Settings

Following the incident, Dashlane advised customers to review all devices linked to their accounts and immediately remove any unfamiliar or unauthorized devices.

The company also encouraged users to enable two-factor authentication where available and strengthen their Master Passwords by using long, unique, and difficult-to-guess combinations.

Security professionals recommend avoiding reused passwords and regularly monitoring account activity for signs of unauthorized access.

Growing Threat of Credential Attacks

The incident highlights the continued prevalence of brute-force and credential-based attacks targeting online accounts and identity management platforms.

As password managers increasingly serve as repositories for sensitive personal and business credentials, threat actors continue to seek ways to gain access through account-level attacks rather than attempting to compromise the platforms themselves.

While Dashlane’s security architecture appears to have prevented broader exposure, the event serves as a reminder of the importance of strong authentication practices and layered account security.

The company continues to monitor the situation and has not reported any evidence that decrypted customer data has been accessed or exposed as a result of the attack.
