Essential Insights
- A brute-force attack targeted Dashlane users’ accounts, attempting to bypass 2FA and register new devices.
- Less than 20 personal vaults were accessed and downloaded by attackers, despite security controls triggering account suspensions.
- The encrypted vaults remain secure unless the Master Password is weak, but users are advised to strengthen passwords and review device access.
Threat, Attack Techniques, and Targets
Dashlane reported a brute-force attack on some of its user accounts. An unknown attacker tried to break through two-factor authentication (2FA) protections. The goal was to register new devices on user accounts and steal data. The attacker launched many login attempts, which triggered Dashlane’s security controls. Fewer than 20 users on the personal subscription plan had their encrypted vaults downloaded. The exact number of targeted users is not known. The attack was external, meaning it came from outside Dashlane. The company said that the attacker was able to succeed in some cases, but most accounts remained secure.
Impact, Security Implications, and Remediation Guidance
The attacker was able to download encrypted vaults from less than 20 users. However, access to vaults is protected by the Master Password. This makes it difficult for attackers to open the vaults without the correct password. Dashlane stated that their internal systems were not affected. The main impact is that some user data was accessed and downloaded. Users whose vaults were downloaded were notified. Dashlane recommends users review registered devices, enable 2FA, and choose a strong Master Password. For further protection, users should follow guidance from Dashlane or relevant security authorities.
Expand Your Tech Knowledge
Explore the future of technology with our detailed insights on Artificial Intelligence.
Discover archived knowledge and digital history on the Internet Archive.
ThreatIntel-V1
