Dernière minute
ARالحرس الثوري الإيراني يستهدف منشآت أمريكية في البحرين والكويت رداً على ضربات واشنطنARالولايات المتحدة تشن ضربات على إيران بعد هجمات على سفن تجارية في مضيق هرمزARالقيادة المركزية الأمريكية تستهدف مواقع إيرانية والحرس الثوري يرد بضرب مواقع أمريكيةARالقيادة المركزية الأمريكية تشن هجمات على إيران رداً على استهداف سفن تجاريةARرئيس البرلمان الإيراني يتهم أمريكا بانتهاك مذكرة التفاهمARالبحرين تطلق صافرات الإنذار بعد ضربات أمريكية على إيرانARربع النهائي: 8 منتخبات تتنافس على 4 مقاعد في نصف النهائيARسويسرا تتأهل لدور الثمانية بكأس العالم بفوز صعب على كولومبيا، وفولهام يعين أربيلوا مدرباًARتحرير قسطنطينوفكا يضعف ادعاءات كييف عشية قمة الناتوARاليابان والهند: شراكة استراتيجية لمواجهة الصينARالحرس الثوري الإيراني يستهدف منشآت أمريكية في البحرين والكويت رداً على ضربات واشنطنARالولايات المتحدة تشن ضربات على إيران بعد هجمات على سفن تجارية في مضيق هرمزARالقيادة المركزية الأمريكية تستهدف مواقع إيرانية والحرس الثوري يرد بضرب مواقع أمريكيةARالقيادة المركزية الأمريكية تشن هجمات على إيران رداً على استهداف سفن تجاريةARرئيس البرلمان الإيراني يتهم أمريكا بانتهاك مذكرة التفاهمARالبحرين تطلق صافرات الإنذار بعد ضربات أمريكية على إيرانARربع النهائي: 8 منتخبات تتنافس على 4 مقاعد في نصف النهائيARسويسرا تتأهل لدور الثمانية بكأس العالم بفوز صعب على كولومبيا، وفولهام يعين أربيلوا مدرباًARتحرير قسطنطينوفكا يضعف ادعاءات كييف عشية قمة الناتوARاليابان والهند: شراكة استراتيجية لمواجهة الصين
Newsgather
BackDashlane: Hackers Stole Dozens of Encrypted Customer Password Vaults
Dashlane: Hackers Stole Dozens of Encrypted Customer Password Vaults
En développement
TechCrunch02.06.2026Tech2 dk okumaUnited States

Dashlane: Hackers Stole Dozens of Encrypted Customer Password Vaults

L'essentiel

  • Password manager Dashlane reported a cyberattack where hackers stole at least a dozen encrypted customer password vaults by brute-forcing its two-factor authentication system.
  • While vaults are encrypted, customers with weak master passwords may be at risk.

Résumé généré par IA

Pourquoi c'est important

Password manager Dashlane has reported a cyberattack where hackers gained access to approximately 20 customer accounts by brute-forcing its two-factor authentication system. This allowed them to download copies of at least a dozen encrypted customer password vaults.

Taille de police

Password manager maker Dashlane says hackers have obtained at least a dozen encrypted vaults used for storing customer passwords during a weekend cyberattack.

The company said on its website that hackers brute-forced the company’s two-factor authentication system, granting the hackers access to about 20 customer accounts. By defeating its two-factor mechanism, the hackers were able to download a copy of certain customers’ encrypted vaults, which store their passwords and other sensitive credentials.

Dashlane said on its incident page that there was no evidence of compromise of its own systems, but it has not yet said how the hackers were able to defeat its two-factor protections in order to access customer accounts. Two-factor is a security feature that protects accounts from being accessed with just a stolen username and password, typically by requiring an additional passcode to be sent to the phone of the account holder.

“The goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts,” said Dashlane. The company said that attackers can use automated software to “rapidly submit every possible numeric combination to the system, hoping to guess the exact sequence before the short-lived [two-factor] security code expires.”

The company said it has “taken steps to mitigate the risk of future incidents,” without saying what those were.

Dashlane said it has notified the 20 or so customers whose encrypted vaults were stolen. It’s not yet clear if the specific customers were targeted for a reason, such as because of who they are or what they do for a living.

Spokespeople for Dashlane did not respond to a request for comment. The company has not said if it knows who targeted its customers, or if the hackers contacted Dashlane with demands, such as a ransom.

The stolen vaults are scrambled and cannot be read without the customer’s master password, which is only known by the customer and is not uploaded to Dashlane in plaintext, the company’s website says. But Dashlane said that customers with an easily guessed master password may be at greater risk of having it guessed and their password vaults decrypted.

Data breaches affecting password manager companies are rare, but can have lasting consequences.

In 2022, LastPass confirmed that customer password vault backups were stolen during a cyberattack. While the vaults were protected with passwords only known to the customer, the password requirements for early customers were far weaker than the later standard, allowing hackers to brute-force and easily guess the passwords of some customers’ vaults. There have been several reports of hackers stealing vast amounts of customers’ crypto, likely by using private keys stored in stolen LastPass vaults that had their master passwords cracked following the breach.

Questions ouvertes

  • How exactly were Dashlane's two-factor protections defeated?
  • Who are the targeted customers and why were they targeted?
  • What specific steps has Dashlane taken to mitigate future incidents?
  • Does Dashlane know the identity of the hackers?

Sujets liés

This article was originally published by TechCrunch.

Articles liés

Plus sur ce sujetcyberattack