Password manager Dashlane has confirmed that it has suffered a brute-force attack. The incident took place on May 31, 2026, when an unknown threat actor attempted to bypass two-factor authentication (2FA) and add new devices to existing user accounts.
Dashlane said its security systems detected a large number of login attempts, leading to temporary account suspensions and authentication problems for some users.
"We can confirm that certain Dashlane user accounts were targeted in a brute force attack by an external party, resulting in the suspension of those accounts as part of Dashlane’s built-in security measures. The affected accounts have now been unsuspended," the company said.
Dashlane said it has contacted all affected users directly. The company added that users who did not receive a notification about vault risk were not impacted by the incident.
As a precaution, Dashlane recommends users review registered devices on their accounts, remove any unfamiliar devices, enable two-factor authentication, and use a strong, unique master password.