Dashlane Password Manager Reveals Hackers Stole Some Encrypted Vaults Using Brute-Force Attacks

Dashlane says that traffic from bad actors has since been blocked.

Advertisement
Written by Dhruv Raghav, Edited by David Delima | Updated: 4 June 2026 10:58 IST
Highlights
  • Dashlane is currently contacting affected users
  • Dashlane claims that the vault data can not be accessed
  • Dashlane says that its internal system has not been impacted

Hackers stole encrypted vault data of fewer than 20 users

Photo Credit: Bloomberg

Dashlane has revealed that unspecified bad actors attempted to gain access to user accounts and their password vaults at the end of May. The tech firm claims that accounts of certain users came under “high volume” of attacks, which led to an automatic security lockdown of accounts. The company says that an attempt was made to bypass the security protocols of the password manager, which would have allowed the attackers to register new devices against existing user accounts. However, the bad actors managed to steal encrypted password vaults of a few users.

Dashlane Says Stolen Vaults Remain Inaccessible Without Master Password

In a blog post, the password manager revealed that an “external party” launched a “brute force attack” against “certain” user accounts on May 31. The company says that the primary motive behind the cyberattack was to bypass the two-factor authentication (2FA) protections of user accounts, which would have allowed the hackers to register new devices against existing user accounts.

Advertisement

This would have given remote access to the Dashlane password vaults to the bad actors, eventually exposing their passwords and credentials. Since a password manager stores multiple passwords for users in one place, its breach can potentially lead to a security breach of other accounts, too. Dashlane says that because of the “high volume” of attempts, the password manager's security protocols “automatically locked accounts that were targeted by the attack”.

However, the “external party” managed to exfiltrate encrypted password vaults of less than 20 “personal plan users”. The attempts also led to Dashlane's team being “immediately alerted”, followed by the launch of an investigation into the attack, while also working to resolve the issue, the company claims. As a stopgap measure, the tech firm temporarily suspended accounts of various users.

Advertisement

Dashlane says that the access has since been restored. The company has also started notifying users whose accounts have been affected by the cyberattack. On top of this, the password manager claims that its password vault data will remain inaccessible to hackers without the “master password”.

It's worth noting that it also depends on the strength of the master password set by the user, as hackers can also attempt offline cracking. The company said, “Our vault encryption ensures that any attempts to gain access to the vault are statistically unlikely to succeed, even over a long period of time.”

Advertisement

Further, Dashlane highlighted that there is no evidence that its internal systems have been impacted as a result of the cyberattack. As a remedial measure, the company has blocked traffic from the bad actors. The users who were unable to add new devices to accounts with 2FA can now do so. The password manager highlighted, “Our team has taken steps to mitigate the risk of future incidents and continue to harden our resiliency.”

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement
Popular Mobile Brands
  1. Best Smartphones With AI Camera Features
  2. Best Mobiles Under Rs. 40,000 in India
  3. Samsung Galaxy Z Fold 8 Ultra Roundup: Launch Date, Expected Price, Features
  1. Samsung Galaxy Z Flip 8 Roundup: Launch Date, Expected Price, Specifications
  2. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  3. Google Pixel 11a Codename Reportedly Spotted in Phone App
  4. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  5. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  6. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  7. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  8. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  9. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  10. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.