Dashlane explains how attackers managed to download encrypted password vaults

Published: June 5, 2026 • 1:32 AM IST · Updated: June 5, 2026 • 4:50 AM ISTBy TheBriefWire Editorial Team

Key points

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to recover as many encrypted password vaults as possible.
The password manager provider said fewer than 20 personal user vaults were downloaded before it shut down the operation.
In a campaign that started Sunday, the unknown threat actor abused the mechanism that allows Dashlane users to add new devices, such as computers or phones, to their accounts.
By abusing Dashlane’s programming interfaces for device enrollment, the attackers sent requests to large numbers of existing users’ registered email addresses.
In an update published Thursday, Dashlane wrote The threat actor targeted the API endpoints for device registration and used a brute force attack to send a large volume of automated requests to those endpoints.

Published June 5, 2026.

📌 Source: Dan Goodin

The BriefWire