Dashlane users locked out by brute-force attacks

A wave of brute-force attacks has locked multiple Dashlane users out of their accounts, with attackers attempting logins from distant locations and unrecognized devices. The password manager service has not yet issued a public statement detailing the scope or root cause of the incident.

The attacks appear to target user accounts in bulk, triggering automated lockouts when failed login attempts exceed threshold limits. Affected users report being unable to access stored credentials, raising concerns about account recovery and potential data exposure.

Technical analysis suggests attackers are leveraging credential stuffing or brute-force techniques against Dashlane's authentication endpoints. No specific CVE identifier has been assigned, and indications of compromise remain limited to abnormal login geolocation and device fingerprint mismatches.

Dashlane has not released a formal patch or workaround. Users experiencing lockouts are advised to contact support directly and enable multi-factor authentication if not already active. The company's response timeline remains unclear.

The incident underscores ongoing risks to password manager platforms, which centralize credential storage and become high-value targets for attackers. No threat actor has claimed responsibility, and attribution efforts are preliminary.