Can't make sense of Dashlane's vault theft notification? You're not alone.
ID: cd7827ec-1633-59c3-a48d-42c2e06a46c8
STIX ID: report--cd7827ec-1633-59c3-a48d-42c2e06a46c8
Feed Name: Ars Technica Security (category)
Dashlane disclosed that beginning May 31, 2026, an external party launched a brute-force attack targeting two-factor authentication on certain user accounts, enabling the attacker to register new devices and access 20 encrypted user vaults; users reported receiving unexpected 2FA requests and criticized Dashlane's communication. The report examines the mechanics and feasibility of brute-forcing six-digit time-based codes (noting an unusually long three-hour code validity in at least one case), questions around rate limiting and server load, and community concern about the scope and handling of the incident.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
