Hackers Hit Dashlane Password Manager but Dash Off With Little to Show for It
By: Jim Stickley and Tina Davis
July 7, 2026
Remember all those times we’ve said to use caution when using password managers? Well, here’s one reason why. Password manager Dashlane is responding to a newly disclosed security incident after attackers targeted customer accounts in a large-scale brute-force attack. This triggered account lockouts and service disruptions for some users.
According to the company, the attack began on May 31 and focused on attempts to bypass two-factor authentication protections on selected accounts. Dashlane says its automated security controls detected the activity and temporarily suspended targeted accounts to prevent unauthorized access. Whew! The company later restored access and began investigating the scope of the attack.
While Dashlane emphasized that its infrastructure was not compromised, the company disclosed that attackers were able to download encrypted vault copies belonging to fewer than 20 personal-plan users. While that’s not a lot of people, the lesson still remains: If they had been able to get in, they’d have had the keys to your kingdom. The affected individuals have reportedly been notified directly. Dashlane stated that the vaults remain protected by users’ Master Passwords and strong encryption, making successful decryption highly unlikely. That said, when something like this happens, it’s a great idea to change your master password. Remember to make it strong and something you haven’t used anywhere else.
The incident sparked concern online as users reported receiving account suspension notices and experiencing login difficulties. Some initially feared a broader breach of Dashlane’s systems, but the company has maintained that the event was limited to targeted account attacks rather than a compromise of its servers.
For Dashlane users, now is a good time to verify that two-factor authentication is enabled and remain alert for suspicious login notifications. Security experts also recommend reviewing critical accounts for unusual activity and updating important credentials if there is any concern they may have been exposed.
The incident highlights a reality cybersecurity professionals know well: Attackers often target the front door rather than the vault itself. Even when encryption holds strong, account security remains a critical line of defense.