DASHLANE reported a coordinated hacking attempt aimed at accessing the encrypted password vaults of its users. Attackers exploited the device enrollment feature, sending automated requests to numerous accounts, which led to fewer than 20 vaults being downloaded before the operation was halted. The attackers utilized a brute-force approach to compromise the one-time code needed for device registration and boosted their chances by targeting multiple accounts simultaneously.
Although less than 20 accounts were affected, Dashlane assured that all impacted users were notified. Crucially, the encrypted vault contents remain secured by the master password, significantly complicating decryption efforts. Users are advised to change their master passwords and vault contents as a precaution.