Breaking
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately
Latest Threat Intel Zero-Days Data Breaches Analysis
Live threat feed June 9, 2026 | 10:58 UTC
2032 CVEs This Month
7 Actively Exploited
0 Ransomware Activity
25 Breaches YTD
Threat Investigation Portal
Investigate an IOC in the live graph workspace.
Investigate IOC
Vulnerabilities

Dashlane Reports Brute-Force Attack Affecting Encrypted Vaults of Under 20 Users

Thirumala Rao Padilam Thirumala Rao Padilam June 2, 2026
Dashlane Reports Brute-Force Attack Affecting Encrypted Vaults of Under 20 Users

Password manager Dashlane revealed that a brute-force attack aimed at bypassing two-factor authentication led to the download of encrypted vaults belonging to fewer than 20 users on its personal subscription plan. The attack, conducted by an external threat actor, was disclosed by Dashlane on May 31, 2026.

What happened

Dashlane confirmed a brute-force attack targeting its personal subscription users. The attack sought to break two-factor authentication protecting these accounts. Following the attack, fewer than 20 users had their encrypted password vaults downloaded by the threat actor. Dashlane attributed the attack to an external party, although no further information about the attacker or exploitation timeframe was provided.

Why it matters

This incident underscores ongoing threats even against password managers implementing multi-factor authentication. It highlights the persistent risk that brute-force methods can pose to account security when attackers focus on bypassing authentication safeguards. The breach affecting encrypted vaults could expose sensitive credentials if the encryption is weakened or compromised.

What security teams should do

Organizations and individuals using password management solutions should ensure multi-factor authentication is enabled and monitor for unusual login attempts. Reviewing access logs and resetting passwords may be prudent following suspicious activity. Vendors should investigate authentication vulnerabilities and update protections against brute-force techniques where possible.

Key technical details

The attack leveraged brute-force methods to attempt breaking two-factor authentication mechanisms guarding Dashlane user accounts, specifically targeting the personal subscription plan. Encrypted vaults that store users’ passwords and data were downloaded in fewer than 20 cases. Dashlane has not detailed the specific authentication vectors targeted or the cryptographic methods securing the vaults.

Affected organizations/products

Dashlane personal subscription users, with fewer than 20 users confirmed to have had their encrypted vaults downloaded during the attack.

Source attribution

https://thehackernews.com/2026/06/dashlane-discloses-brute-force-attack.html

Thirumala Rao Padilam
Written by
Thirumala Rao Padilam
error: Content is protected !!