Dashlane disclosed a brute-force attack targeting fewer than 20 users on its personal subscription plan. An unknown threat actor launched the assault on May 31, 2026, attempting to bypass two-factor authentication (2FA) on specific accounts. The attackers successfully downloaded encrypted password vaults from the affected users.

The company classified the incident as an external attack. Dashlane has not yet disclosed whether the attackers successfully decrypted any of the downloaded vaults. The password manager's vaults use encryption, which theoretically protects the stored credentials even if an attacker gains access to the files. However, the nature of the brute-force attack suggests the threat actor possessed credentials or access methods that allowed them to target accounts with known usernames or email addresses.

The targeting of 2FA represents an escalation in attacker sophistication. Rather than attempting to crack Dashlane's infrastructure directly, the adversary focused on bypassing user-level security controls. This method typically requires compromised credentials from a third-party service, credential stuffing attacks, or exploitation of weak passwords. Brute-forcing 2FA systems remains difficult when properly implemented, suggesting the attackers either had partial account access or exploited a specific vulnerability in Dashlane's authentication process.

For affected users, the risk hinges on vault encryption strength and password complexity. If vaults remain encrypted with strong master passwords, the downloaded files present minimal immediate risk. If attackers obtained any credentials before encryption kicked in, or if master passwords prove weak, accounts across other services face compromise.

Dashlane users should monitor accounts for unauthorized access, change master passwords immediately, and review login history within the password manager. The company has not announced whether it will offer affected users credit monitoring or incident response support.
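When reviewing login history, the pattern to look for is a burst of failed second-factor checks on an account followed shortly by a vault download. The sketch below is an added example, not Dashlane's code or log format: the event names, the "timestamp account event" schema, the thresholds and the sample lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp account event" schema.
SAMPLE_EVENTS = """
2026-01-10T10:00:00 alice@example.test 2fa_fail
2026-01-10T10:00:10 alice@example.test 2fa_fail
2026-01-10T10:00:20 alice@example.test 2fa_fail
2026-01-10T10:00:30 alice@example.test 2fa_fail
2026-01-10T10:00:40 alice@example.test 2fa_fail
2026-01-10T10:00:50 alice@example.test 2fa_ok
2026-01-10T10:01:00 alice@example.test vault_download
2026-01-10T09:00:00 bob@example.test 2fa_fail
2026-01-10T09:00:30 bob@example.test 2fa_ok
2026-01-10T09:00:40 bob@example.test vault_download
2026-01-10T01:00:00 carol@example.test 2fa_fail
2026-01-10T02:00:00 carol@example.test 2fa_fail
2026-01-10T03:00:00 carol@example.test 2fa_fail
2026-01-10T04:00:00 carol@example.test 2fa_fail
2026-01-10T05:00:00 carol@example.test 2fa_fail
2026-01-10T05:00:30 carol@example.test vault_download
""".strip().splitlines()

def parse(line):
    ts, account, event = line.split()
    return datetime.fromisoformat(ts), account, event

def flag_accounts(lines, max_fails=5, window=timedelta(minutes=10),
                  followup=timedelta(hours=1)):
    """Map account -> (failures in burst, download time) when a vault
    download follows a burst of failed 2FA checks within `followup`."""
    fails = defaultdict(deque)  # recent failure timestamps per account
    burst_at = {}               # account -> (time of latest burst, size)
    flagged = {}
    for ts, account, event in sorted(parse(l) for l in lines if l.strip()):
        if event == "2fa_fail":
            q = fails[account]
            q.append(ts)
            while ts - q[0] > window:  # keep only failures inside the window
                q.popleft()
            if len(q) >= max_fails:
                burst_at[account] = (ts, len(q))
        elif event == "vault_download" and account in burst_at:
            burst_ts, count = burst_at[account]
            if ts - burst_ts <= followup and account not in flagged:
                flagged[account] = (count, ts)
    return flagged
```

A single mistyped code (bob) and failures spread over hours (carol) stay below the default threshold; only the tight burst before a download (alice) is flagged.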

This incident underscores a persistent threat to cloud-based credential storage services. While Dashlane