Password manager Dashlane has confirmed that a small number of user password vaults were exposed following a targeted brute-force attack aimed at its two-factor authentication (2FA) system.
The company clarified that its internal infrastructure was not breached during the incident.
Attack Focused on Bypassing Two-Factor Authentication
According to Dashlane, attackers attempted to bypass security protections by overwhelming the platform's login verification process using automated, high-speed code-guessing attempts.
Rather than exploiting internal vulnerabilities, the attackers reportedly used brute-force techniques to flood the 2FA system with numerous verification attempts. The goal was to trick the system into authorizing new device registrations on existing user accounts.
Dashlane added that this type of attack targets authentication layers rather than core database systems, relying on rapid trial-and-error attempts to gain unauthorized access.
Encrypted Vault Data Remains Protected
The company confirmed that approximately 20 encrypted user vaults were downloaded during the attack. However, Dashlane stressed that the stolen data remains secure due to strong encryption protections.
According to Engadget, accessing the vault contents requires a Master Password, which is not stored by Dashlane and is essential for decrypting stored credentials. Without it, the exposed data is considered unreadable.
Judging from the incident, the importance of strong, unique Master Passwords when using password managers that store sensitive login information.
Security Systems Automatically Contained the Incident
Dashlane stated that its security systems detected unusual activity and automatically locked affected accounts to prevent further unauthorized access attempts. The company also blocked traffic linked to the attackers and implemented additional safeguards to reduce the risk of similar incidents.
Only a small number of users were affected, and those impacted have already been notified.
Dashlane Advises Users To Strengthen Account Security
Following the incident, Dashlane urged users to review connected devices, strengthen their two-factor authentication settings, and update their Master Passwords to more secure combinations.
In other news, the Meta AI chatbot was reportedly helping hackers gain access to high-profile Instagram accounts. Some of the most notable accounts were associated with beauty retailer Sephora and the Obama White House.
According to the reports, users could ask the chatbot about the email address linked to a specific Instagram account. From here, they could also request changes to it.
Once successful, hackers could have the chance to recover the email address and later reset their credentials so they could access the victims' accounts.
Meta needs to do something about this. They should improve their AI chatbot's security and limit users to the information they should access.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
