WHAT JUST HAPPENED? Dashlane, one of the larger and more popular password managers, has locked multiple users out of their accounts following a series of brute-force attacks. The good news is that the company says its internal systems were not compromised, but the incident highlights how these tools can be disrupted by account takeover attempts.
The trouble began on Sunday, May 31, when Dashlane users started reporting suspension emails and login problems. Some said they were suddenly unable to access their vaults, while others received messages warning that someone had tried to register a new device using their account.
"Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn't enter the correct token after several tries," the emails stated. Affected users were told to contact customer support to restore access.
Dashlane later confirmed that an external party had targeted certain user accounts in a brute force attack. Rather than indicating a breach of Dashlane's own systems, the lockouts were triggered by the company's built-in security controls after repeated failed attempts to bypass two-factor authentication protections and add new devices.
