Password manager Dashlane has disclosed how attackers successfully downloaded encrypted password vaults belonging to its users by targeting large numbers of accounts to increase their odds of success.
Dashlane published a detailed explanation of the breach affecting a portion of its user base, clarifying the mechanics of how attackers obtained encrypted vault files.
The company confirmed that attackers used a brute-force approach, targeting many user accounts simultaneously. This mass-scale strategy allowed them to bypass security measures through sheer volume, increasing the statistical likelihood of gaining access to at least some accounts.
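The many-accounts pattern described above is what a per-account failure counter misses, so a defender also has to count distinct accounts per source. The sketch below is an added example, not Dashlane's code or anything from its disclosure; the event layout, thresholds, addresses and account names are all constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds (illustrative, not from the disclosure)
PER_ACCOUNT_LOCKOUT = 5       # failures on one account before lockout
WINDOW_SECONDS = 600          # sliding window for the breadth check
MAX_ACCOUNTS_PER_SOURCE = 20  # distinct failed accounts tolerated per source

def sample_events():
    """Constructed log: (epoch_seconds, source, account, success)."""
    events = []
    for i in range(40):       # one source, 40 accounts, 2 failures each
        for j in range(2):
            events.append((1000 + i * 10 + j, "203.0.113.7", f"user{i:02d}", False))
    # A legitimate user mistyping a password, then logging in
    events += [(1005 + k, "198.51.100.4", "alice", False) for k in range(3)]
    events.append((1010, "198.51.100.4", "alice", True))
    return events

def per_account_lockouts(events, threshold=PER_ACCOUNT_LOCKOUT):
    """Classic control: accounts whose own failure count reaches the threshold."""
    fails = defaultdict(int)
    for _, _, account, ok in events:
        if not ok:
            fails[account] += 1
    return {a for a, n in fails.items() if n >= threshold}

def breadth_alerts(events, window=WINDOW_SECONDS, limit=MAX_ACCOUNTS_PER_SOURCE):
    """Per source, peak number of distinct accounts with failures in the window."""
    by_source = defaultdict(list)
    for ts, source, account, ok in sorted(events):
        if not ok:
            by_source[source].append((ts, account))
    alerts = {}
    for source, rows in by_source.items():
        start, in_window = 0, defaultdict(int)
        for ts, account in rows:
            in_window[account] += 1
            while rows[start][0] <= ts - window:   # expire old failures
                old = rows[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) > limit:
                alerts[source] = max(alerts.get(source, 0), len(in_window))
    return alerts

if __name__ == "__main__":
    print("locked accounts:", per_account_lockouts(sample_events()))
    print("breadth alerts:", breadth_alerts(sample_events()))
```

On the constructed log no account is locked, yet the first source is flagged for failures across 40 accounts. Attempts spread over many sources need the same count grouped by a broader key, such as network or client fingerprint.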
The attackers downloaded encrypted password vaults—files containing usernames, passwords, and other sensitive data stored in encrypted form. However, Dashlane emphasized that the vaults remain encrypted and inaccessible without the master password.
"The attackers obtained encrypted vault files, not plaintext passwords," Dashlane stated in its explanation. The company stressed that its encryption architecture means stolen vaults alone cannot expose user credentials unless attackers successfully crack the encryption or obtain master passwords through other means.
Dashlane recommended affected users reset their master passwords and enable two-factor authentication. The company also suggested users monitor their accounts for suspicious activity and change passwords for critical accounts accessed through the platform.
The password manager did not disclose the exact number of users impacted or provide a precise timeline for when the breach occurred. Dashlane has been working with security researchers and law enforcement to investigate the incident.
This breach highlights the ongoing security risks even for password managers, which face significant pressure from attackers seeking to compromise high-value targets. While Dashlane's encryption provided a protective layer, the compromise of encrypted vaults—even without immediate decryption—represents a security incident that could pose risks if attackers gain computational resources to crack encryption or obtain additional information.