DASHLANE , a password management and credential security provider, reported a brute-force attack that targeted its accounts starting May 31. The attackers used automated software to guess two-factor authentication (2FA) codes in an attempt to register their devices and access user accounts. Although the attack was quickly detected and led to account locks, some accounts were compromised, resulting in the download of fewer than 20 encrypted vaults belonging to personal plan users.
Dashlane assured that the vault data remains inaccessible without the master password and that their internal systems were not affected. Affected users have since been notified and accounts restored.