Dashlane reports a coordinated hacking campaign targeting user accounts via device enrollment API abuse, resulting in <20 encrypted vault downloads before mitigation.
Dashlane's security advisory about attackers obtaining encrypted user vaults has raised concerns due to a lack of clarity on the attack's mechanics, particularly how two-factor authentication was bypassed and how initial account access was gained.
Password manager Dashlane reported a breach where attackers obtained 20 encrypted user vaults after a brute-force attack on 2FA. Users and experts question the attack's mechanics, citing unusual 2FA code validity and lack of information on how the initial password was compromised. Dashlane claims vaults remain secure without the master password.
Dashlane reports that hackers used brute force attacks to bypass two-factor authentication and download encrypted password vaults from around 20 users. The company has notified affected users and implemented security measures.
Password manager Dashlane reported a cyberattack where hackers stole at least a dozen encrypted customer password vaults by brute-forcing its two-factor authentication system. While vaults are encrypted, customers with weak master passwords may be at risk.
