\n<\/p>\n
Dashlane comfrim,s brute force attack targeting users<\/span><\/p>\n getty<\/small><\/div>\n<\/div>\n<\/figure>\n Users of the Dashlane password manager have taken to social media after their accounts were disabled as a security measure following a now-confirmed brute-force hacking campaign targeting an as-yet-unknown number of account holders. Impacted users have been sent emails that read: \u201cYour account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn\u2019t enter the correct token after several tries.\u201d These users were also advised to contact customer support. The brute-force attacks appear to have started on Sunday, May 31, when Dashlane confirmed that it was investigating \u201creports from several users having received an email that their account has been suspended.\u201d Dashlane also said that some users were \u201cexperiencing difficulties in logging in to Dashlane after resetting their master password.\u201d Later the same day, Dashlane updated that status message to say that the situation had been resolved, saying that \u201ccertain Dashlane user accounts were targeted in a brute force attack by an external party, resulting in the suspension of those accounts as part of Dashlane\u2019s built-in security measures.\u201d<\/p>\n Forbes<\/span>My Password Has Been Stolen\u2014What Happens Next?<\/span>By Davey Winder<\/span><\/small><\/span><\/span><\/p>\n While it is important to note that Dashlane has stated that there is no evidence that its systems have been compromised, the incident status<\/a> has changed once again. As of June 1, it has now reverted from resolved to monitoring. I have reached out to the password manager organization for further clarification.<\/p>\n Dashlane confirms brute-force account attacks.<\/span><\/p>\n Dashlane<\/small><\/div>\n<\/div>\n<\/figure>\n A brute-force attack, also known as credential-stuffing, occurs when a threat actor uses as many username and password combinations as possible in the hope that one will unlock the account in question. Most often, the credentials being used will have come from dark web marketplaces where databases of leaked and compromised passwords are traded. <\/p>\n This is important for Dashlane users to understand, as it suggests that this incident is part of an opportunistic campaign rather than pointing to the discovery of any security vulnerability with Dashlane itself. This has been made clear by Dashlane itself in postings on X<\/a>, as well as the previously referenced status messages. <\/p>\n As well as not sharing account passwords, users are advised by Dashlane<\/a> to turn on two-factor authentication \u201cfor an extra layer of security.\u201d There is no need to delete your Dashlane account or to consider this a reason to stop using the service, as password managers remain an important piece of the better security model for most consumers. <\/p>\n<\/section>\n<\/div>\nWhat Dashlane Users Should Know About Brute Force Attacks<\/h2>\n