Dashlane personal-plan users' encrypted vault exposure
Data Leak
Summary
Hide ▲
Show ▼
On May 31, 2026, Dashlane disclosed that an external brute-force account attack led to encrypted vaults being downloaded for fewer than 20 personal-plan users, creating a limited but concrete exposure of sensitive stored data. The attack attempted to bypass 2FA and add new devices to existing accounts. Dashlane said affected users were notified and that vault contents still depend on the Master Password for access.
Related Happenings
Instagram High Touch Support password reset security flaw
Vulnerability
H score40
First: 08.06.2026 09:00
Last: 08.06.2026 09:00
Sources 1
About this happening:
Meta's High Touch Support (HTS) flaw enabled attackers to trigger Instagram password resets, creating account-takeover risk for over 20,000 users and weakening protect...
Instagram High Touch Support password reset security flaw
VulnerabilityAbout this happening: Meta's High Touch Support (HTS) flaw enabled attackers to trigger Instagram password resets, creating account-takeover risk for over 20,000 users and weakening protect...
Meta AI-powered support tools abused in Instagram account recovery flow
Security Tool/Service
H score26
First: 02.06.2026 18:47
Last: 02.06.2026 18:47
Sources 1
About this happening:
Instagram accounts were hijacked after attackers abused Meta’s AI-powered support tools to pass recovery checks and change the recovery email, creating a direct failure in...
Meta AI-powered support tools abused in Instagram account recovery flow
Security Tool/ServiceAbout this happening: Instagram accounts were hijacked after attackers abused Meta’s AI-powered support tools to pass recovery checks and change the recovery email, creating a direct failure in...
Dashlane password manager account lockouts from brute-force attacks
Service Disruption
H score12
First: 01.06.2026 21:17
Last: 01.06.2026 21:17
Sources 1
How related:
the high volume of attempts on those accounts triggered temporary account suspensions and authentication issues due to its built-in security controls.
About this happening:
Dashlane experienced a temporary account-access disruption after brute-force login attempts triggered security lockouts for some users. The affected accounts were late...
Dashlane password manager account lockouts from brute-force attacks
Service DisruptionHow related: the high volume of attempts on those accounts triggered temporary account suspensions and authentication issues due to its built-in security controls.
About this happening: Dashlane experienced a temporary account-access disruption after brute-force login attempts triggered security lockouts for some users. The affected accounts were late...
Instagram accounts for Obama White House hit by account takeover attack
Incident
H score40
First: 01.06.2026 20:32
Last: 01.06.2026 20:32
Sources 1
About this happening:
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced after attackers abused Meta’s AI supp...
Instagram accounts for Obama White House hit by account takeover attack
IncidentAbout this happening: The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced after attackers abused Meta’s AI supp...
Bitwarden LastPass Dashlane and 1Password vault compromise flaws security flaw
Vulnerability
H score41
First: 16.02.2026 19:15
Last: 16.02.2026 19:15
Sources 1
About this happening:
Bitwarden, LastPass, Dashlane and 1Password were found to have cloud password manager vulnerabilities that could let an attacker view, change, recover, or delete vault p...
Bitwarden LastPass Dashlane and 1Password vault compromise flaws security flaw
VulnerabilityAbout this happening: Bitwarden, LastPass, Dashlane and 1Password were found to have cloud password manager vulnerabilities that could let an attacker view, change, recover, or delete vault p...
Timeline
-
02.06.2026 06:55 1 articles · 1mo ago
External brute-force attack downloads encrypted vaults from fewer than 20 Dashlane personal-plan accounts
Victim Impact UpdateAn external threat actor launched brute-force attacks against certain Dashlane user accounts on May 31, 2026, aiming to break 2FA protections and register new devices on existing accounts. Dashlane said the high volume of attempts triggered temporary account suspensions and authentication issues, and that in a handful of cases attackers downloaded copies of encrypted vaults belonging to fewer than 20 personal-plan users.
Show sources
- Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded — thehackernews.com — 02.06.2026 06:55
-
02.06.2026 06:55 2 articles · 1mo ago
Dashlane discloses encrypted vault exposure affecting fewer than 20 personal-plan users
Initial DisclosureDashlane disclosed that fewer than 20 personal-plan users had encrypted vaults downloaded after the brute-force attack and said affected users were directly notified. The company added that users who did not receive a vault-risk message had no impact to their Dashlane account, and that its internal systems were not impacted.
Show sources
- Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded — thehackernews.com — 02.06.2026 06:55
- Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded — thehackernews.com — 02.06.2026 06:55