Dashlane explains how attackers managed to download encrypted password vaults
Summary
Dashlane disclosed a coordinated attack targeting its device-enrollment API, which allowed a small number of brute-force attempts to enroll new devices and download encrypted vaults. Fewer than 20 personal vaults were accessed before the operation was halted. The incident highlights risks around device enrollment flows, account lockouts, and the need for strong master passwords and robust MFA practices.