There’s a lot that doesn’t add up in a security advisory password manager Dashlane published Monday, warning that attackers managed to obtain 20 encrypted user vaults.
“Starting on Sunday, May 31, 2026, an external party launched a brute force attack against certain Dashlane user accounts,” the company said. “The goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts.”
Hello, Dashlane, anybody home?
A Dashlane user who received such a 2FA request provided this screenshot of the notification, which arrived on Sunday.
The UK-based user was concerned and contacted Dashlane through a support bot. Ultimately the user got no information about why the notification was sent.
