Dashlane says hackers stole password vaults via a 'brute force attack'
Key takeaways
- The password manager provider says around 20 accounts were affected.
- "The goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts," Dashlane says.
- Engadget has contacted Dashlane for more information about the attack and how it's planning to prevent future incidents.
The password manager provider says around 20 accounts were affected.
Dashlane Dashlane, the maker of a password manager of the same name, has shared that several users' password vaults were exposed as part of a "brute force attack." The hackers were able to download copies of the password vaults of around 20 users, though Dashlane notes that vault data is encrypted unless they have access to a user's Master Password.
The hackers didn't gain access to the password vaults by compromising Dashlane's internal systems, according to a Dashlane status page that documented the attack. Instead, they tried to game the company's two-factor authentication system, the extra security layer that requires you to provide a passcode sent over text or email along with your username and password to log in.