Password manager Dashlane disclosed that encrypted vaults belonging to 20 users were stolen, but the company has released few details about the incident or its cause.
Dashlane issued a security advisory confirming that attackers accessed encrypted vaults from a small subset of its user base. The company did not specify when the theft occurred, how attackers gained access, or what information the vaults contained.
In the advisory, Dashlane stated that the affected vaults remained encrypted and that the company had no evidence of decryption. The password manager emphasized that its encryption standards remain unchanged and that users should not face immediate risk from the theft.
However, Dashlane declined to answer direct questions about the incident. The company has not disclosed whether it notified affected users, what investigation it conducted, or whether law enforcement was involved. A request for additional details went unanswered.
The sparse disclosure raises questions about Dashlane's transparency practices. Security experts typically expect companies to provide timelines, affected user counts, and details about remediation steps taken after a breach. Dashlane's refusal to elaborate on these points limits users' ability to assess their own risk.
Password managers hold sensitive authentication data, making them high-value targets. A breach affecting even a small number of vaults can have significant consequences if encryption proves vulnerable or if users reuse credentials across services.
Dashlane's silence stands in contrast to standard security disclosure practices, where companies typically provide affected parties with actionable information. The lack of detail may heighten user concerns about what actually occurred and whether the company fully understands the scope of the incident.
Users should monitor their accounts for unauthorized access. Those with Dashlane vaults may consider changing passwords for critical services and reviewing account activity for signs of compromise.