Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads

Password management and credential security solutions provider Dashlane revealed on Monday that it has been targeted in a brute-force attack campaign that resulted in a limited number of encrypted vaults being downloaded by the attackers.

According to Dashlane, the attack began on May 31, with attackers attempting to brute-force 2FA to register their own devices on targeted accounts.

The hackers, the company said, used automated software to “rapidly submit every possible numeric combination to the system, hoping to guess the exact sequence before the short-lived security code expires”.

Registering a device gives the attacker the access required to download the targeted user’s encrypted vault from Dashlane servers.

The attack was quickly detected and the targeted accounts were automatically locked to limit impact.