Dashlane said it was targeted in a brute-force campaign that tried to guess 2FA codes and register attacker-controlled devices on user accounts. Fewer than 20 personal plan users had encrypted vault copies downloaded, but the company said the vaults remain protected without the Master Password and there is no evidence its internal systems were affected. #Dashlane #TwoFactorAuthentication
Keypoints
- Dashlane detected a brute-force attack campaign on May 31.
- Attackers tried to guess 2FA codes to register their own devices.
- Device registration enabled downloads of encrypted vaults from Dashlane servers.
- Fewer than 20 personal plan users had vault copies taken.
- Dashlane said affected accounts were locked, restored, and no internal systems were impacted.
Read More: https://www.securityweek.com/dashlane-brute-force-attack-leads-to-limited-encrypted-vault-downloads/