Dashlane Details How Hackers Managed to Download Encrypted Password Vaults

**Dashlane brute-force campaign:** Beginning May 31, 2026, attackers conducted a high-volume brute-force attack against Dashlane’s device-registration 2FA endpoints, successfully registering devices and downloading encrypted vaults for fewer than 20 personal-plan users; Dashlane says vaults remain protected by users’ Master Passwords and its zero-knowledge encryption, no internal compromise was found, and mitigations (account lockouts, API hardening, added verification) were applied.