Password manager Dashlane has disclosed that a recent cyberattack resulted in fewer than 20 users having copies of their password vaults downloaded by attackers.
The incident began on May 31 when some users received unexpected account suspension emails and experienced login issues. Dashlane later confirmed that an external threat actor had launched a brute-force attack against a number of customer accounts.
According to the company, the attackers attempted to bypass two-factor authentication protections and register their own devices on targeted accounts. Dashlane’s automated security systems detected the unusual activity and temporarily suspended affected accounts, which also caused authentication issues for some users.
Read: Billions of Leaked Passwords Show Why Password Security Is Still Broken
While most of the attacks were blocked, the company says the attackers successfully gained access to a small number of personal accounts and downloaded copies of the stored vault data. Dashlane has directly notified all affected users.
The company stressed that the incident did not involve a breach of its internal systems or infrastructure.
Although the downloaded vaults contain sensitive information such as passwords and other stored credentials, the data remains protected by encryption. Accessing the contents would require the user’s master password, which is not stored by Dashlane.
That does not mean the risk is zero. Attackers can attempt to crack downloaded vaults offline, especially if a user relies on a weak or easily guessed master password. Users with strong and unique master passwords are considered far less vulnerable.
Dashlane is advising users to review devices connected to their accounts, remove any unfamiliar devices, enable two-factor authentication, and ensure they are using a strong master password.
Also read: One Small Security Mistake Can Cost You Money, Data, and Peace of Mind
The incident is also a reminder that no security tool is completely immune to attacks. While password managers remain one of the safest ways to store and manage credentials, users should choose a service with strong encryption, enable two-factor authentication, and use a long, unique master password. If you are considering a password manager or looking to compare alternatives, services such as NordPass and Proton Pass are also worth exploring, offering encrypted password storage, cross-platform support, and additional security features.
