
Dashlane Reveals Encrypted Vault Downloads After Brute-Force Attack on User Accounts

Password management company Dashlane has revealed that fewer than 20 users had their encrypted password vaults downloaded after attackers successfully carried out a brute-force attack against a small number of customer accounts.

The incident, which occurred on May 31, 2026, involved an external threat actor attempting to bypass account security protections and gain unauthorized access to Dashlane user accounts.

Attack Targeted Two-Factor Authentication Protections

According to Dashlane, the attackers launched a large-scale brute-force campaign against selected user accounts with the goal of overcoming two-factor authentication (2FA) safeguards and registering unauthorized devices on existing accounts.

While the company did not disclose the total number of accounts targeted, it noted that the unusually high volume of login attempts triggered its security mechanisms, leading to temporary account suspensions and authentication disruptions for some users.

Dashlane stated that affected accounts have since been restored and secured.
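The pattern described above, a burst of failed second-factor attempts followed by a new device being registered, can be found in authentication logs. The sketch below is an added example, not Dashlane's code or its actual detection logic; the event names, thresholds and log records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO time, account, event, device).
SAMPLE_EVENTS = (
    # alice: six failed 2FA codes in one minute, then a success and a new device
    [(f"2026-01-01T12:00:{s:02d}", "alice", "2fa_fail", None) for s in range(0, 60, 10)]
    + [("2026-01-01T12:01:00", "alice", "2fa_ok", None),
       ("2026-01-01T12:01:05", "alice", "device_registered", "dev-x"),
       # bob: one mistyped code, then a normal device enrollment
       ("2026-01-01T12:00:00", "bob", "2fa_fail", None),
       ("2026-01-01T12:00:30", "bob", "2fa_ok", None),
       ("2026-01-01T12:01:00", "bob", "device_registered", "dev-b"),
       # carol: occasional failures spread over hours, never a burst
       ("2026-01-01T09:00:00", "carol", "2fa_fail", None),
       ("2026-01-01T09:40:00", "carol", "2fa_fail", None),
       ("2026-01-01T10:20:00", "carol", "2fa_fail", None),
       ("2026-01-01T11:00:00", "carol", "2fa_fail", None),
       ("2026-01-01T11:05:00", "carol", "device_registered", "dev-c")]
)

def analyze(events, window=timedelta(minutes=10), lock_at=5, review_at=3):
    """Return (locked, review).

    locked: account -> time the failure count in the sliding window reached
            lock_at (where a service would suspend the account).
    review: (account, device) pairs registered while review_at or more
            failures were still inside the window.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    locked, review = {}, []
    for stamp, account, kind, device in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(stamp)
        q = recent[account]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if kind == "2fa_fail":
            q.append(ts)
            if len(q) >= lock_at:
                locked.setdefault(account, stamp)
        elif kind == "device_registered" and len(q) >= review_at:
            # A success does not clear the failure history: a correct code
            # right after a burst of wrong ones is the case to catch.
            review.append((account, device))
    return locked, review

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

Failures are deliberately kept in the window after a successful code, so a device enrolled on the heels of a guessing burst is still held for review.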

Fewer Than 20 Encrypted Vaults Downloaded

In an update on the incident, Dashlane confirmed that the attackers were successful in a limited number of cases.

As a result, the threat actor was able to download copies of encrypted vaults belonging to fewer than 20 users subscribed to Dashlane’s personal plan.

The company said it has directly contacted all affected individuals.

“We have directly notified each of these users. If you’re a Dashlane user and have not received a message from Dashlane specific to vault risk, there is no impact to your Dashlane account,” the company stated.

Were Passwords Exposed?

Despite the vault downloads, Dashlane emphasized that the stolen data remains encrypted and cannot be accessed without the account’s Master Password.

The company explained that unless a user’s Master Password is weak, predictable, or easily guessed, the likelihood of attackers successfully decrypting the vault contents remains extremely low.

This means that usernames, passwords, payment details, secure notes, and other stored information remain protected by Dashlane’s encryption architecture.

Importantly, Dashlane confirmed that its internal infrastructure and backend systems were not compromised during the incident.

Security Recommendations for Users

As a precaution, Dashlane is encouraging users to review their account security settings and take additional protective measures.

Recommended actions include:

  • Review all devices connected to your Dashlane account.
  • Remove any devices you do not recognize.
  • Enable two-factor authentication (2FA) if it is not already active.
  • Use a strong and unique Master Password.
  • Avoid simple, reused, or easily guessable passwords.
  • Regularly monitor account activity for suspicious logins.

Why Strong Master Passwords Matter

The incident serves as a reminder that password managers rely heavily on the strength of the Master Password protecting encrypted vaults.

Even when attackers obtain an encrypted copy of a vault, strong encryption can significantly limit the usefulness of the stolen data if the Master Password is sufficiently complex.

Cybersecurity experts generally recommend using long passphrases that combine multiple unrelated words, numbers, and symbols while avoiding personal information or common password patterns.

Growing Threat of Credential Attacks

Brute-force and credential-based attacks continue to be a common tactic used by cybercriminals to gain access to online accounts. While password managers provide an additional layer of security by encouraging strong, unique credentials, users are still responsible for maintaining strong Master Passwords and enabling multi-factor authentication.

Although Dashlane’s latest incident affected only a small number of users, it highlights the importance of layered security controls and ongoing vigilance against account takeover attempts.

For users who did not receive a notification from Dashlane regarding vault exposure, the company says there is no evidence that their accounts were affected by the attack.
