Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Dashlane personal-plan users' encrypted vault exposure

Data Leak
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

On May 31, 2026, Dashlane disclosed that an external brute-force account attack led to encrypted vaults being downloaded for fewer than 20 personal-plan users, creating a limited but concrete exposure of sensitive stored data. The attack attempted to bypass 2FA and add new devices to existing accounts. Dashlane said affected users were notified and that vault contents still depend on the Master Password for access.

Related Happenings

Dashlane password manager account lockouts from brute-force attacks

Service Disruption
First: 01.06.2026 21:17 Last: 01.06.2026 21:17 Sources 1

How related: the high volume of attempts on those accounts triggered temporary account suspensions and authentication issues due to its built-in security controls.

About this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...

Open Happening

Bitwarden LastPass Dashlane and 1Password vault compromise flaws security flaw

Vulnerability
First: 16.02.2026 19:15 Last: 16.02.2026 19:15 Sources 1

About this happening: **Bitwarden, LastPass, Dashlane and 1Password** were found to have **cloud password manager vulnerabilities** that could let an attacker **view, change, recover, or delete vault p...

Open Happening

GitLab authentication services 2FA bypass (CVE-2026-0723)

Vulnerability
First: 21.01.2026 15:57 Last: 21.01.2026 15:57 Sources 1

About this happening: **GitLab CE/EE** patched **CVE-2026-0723**, an **unchecked return value** flaw in authentication services that could let an attacker who knew a victim's account ID bypass **two-fa...

Open Happening

Timeline

  1. 02.06.2026 06:55 1 articles · 3h ago

    External brute-force attack downloads encrypted vaults from fewer than 20 Dashlane personal-plan accounts

    Victim Impact Update

    An external threat actor launched brute-force attacks against certain Dashlane user accounts on May 31, 2026, aiming to break 2FA protections and register new devices on existing accounts. Dashlane said the high volume of attempts triggered temporary account suspensions and authentication issues, and that in a handful of cases attackers downloaded copies of encrypted vaults belonging to fewer than 20 personal-plan users.

    Show sources
    Open in new tab
  2. 02.06.2026 06:55 2 articles · 3h ago

    Dashlane discloses encrypted vault exposure affecting fewer than 20 personal-plan users

    Initial Disclosure

    Dashlane disclosed that fewer than 20 personal-plan users had encrypted vaults downloaded after the brute-force attack and said affected users were directly notified. The company added that users who did not receive a vault-risk message had no impact to their Dashlane account, and that its internal systems were not impacted.

    Show sources
    Open in new tab