Dashlane Password Manager Accounts Locked by Brute-Force
A large-scale brute-force attack targeting user accounts has led password manager Dashlane to disclose a security incident, which began on May 31, 2026.
According to the company, an external threat actor attempted to bypass two-factor authentication (2FA) protections by repeatedly guessing authentication codes to register unauthorized devices on victims’ accounts.
The attack triggered automated security defenses, resulting in multiple user accounts being temporarily locked. The high volume of login attempts prompted Dashlane’s protective systems to automatically suspend affected accounts as a precautionary measure.
This response was designed to prevent unauthorized access and stop attackers from progressing further in their attempts.
Dashlane Accounts Locked
Dashlane confirmed that its internal security teams were immediately alerted and launched an investigation while implementing mitigation measures to contain the activity.
As a result of the incident, several users experienced temporary disruptions, including being unable to log in or add new devices.
Dashlane has since restored access to all impacted accounts and confirmed that normal operations have resumed. The company emphasized that these account lockouts were part of its defensive strategy rather than evidence of successful compromise.
However, the investigation revealed that attackers managed to download encrypted vault data belonging to fewer than 20 users on personal plans.
Dashlane stated that all affected individuals have been directly notified. Importantly, the company clarified that users who did not receive a notification are not impacted by this data exposure.
Dashlane reassured users that the stolen vault data remains strongly protected due to its zero-knowledge encryption model. Vault contents are encrypted using the user’s Master Password, which is never stored on or transmitted to Dashlane servers.
Without access to this password, decrypting the vault is considered computationally impractical, even with extended brute-force efforts.
The company also confirmed that there is no evidence suggesting a breach of its internal infrastructure. The attack was limited to external authentication attempts rather than exploitation of backend systems or vulnerabilities within Dashlane’s core platform.
In response to the incident, Dashlane has blocked malicious traffic sources and reinforced its security controls. Additional safeguards have been implemented to detect and mitigate similar attack patterns in the future.
The company stated that it continues to enhance its resilience against evolving threats while maintaining a focus on user privacy and account protection.
Dashlane noted that its investigation remains ongoing and that further updates will be shared if new findings emerge. A clarification regarding the nature of the attack was also issued after the initial advisory to ensure accurate communication.
This incident highlights the growing sophistication of brute-force campaigns targeting password managers and reinforces the importance of strong authentication practices, including robust master passwords and vigilant monitoring of account activity.