Dashlane password manager announced that the encrypted vaults of several dozen customers were compromised following a cyberattack over the weekend. According to a statement on the company's official website, attackers bypassed the two-factor authentication (2FA) system and managed to access approximately 20 user accounts. This was reported by Techcrunch.com reports .
Hackers used automated software to perform brute-force attacks, guessing short-term security codes. As a result, they downloaded copies of the encrypted passwords and other sensitive data belonging to the targeted customers. Dashlane stated there is no evidence that its systems were fully breached, but has not yet disclosed exactly how the 2FA protection was bypassed.
According to company representatives, the stolen vaults are unreadable without the user's master password. Dashlane does not store these passwords in plain text, but users with simple and easily guessable master passwords remain at high risk. The 20 affected customers have been notified of the incident.
This incident recalls the major data breach that occurred at LastPass in 2022. At that time, hackers also obtained encrypted vaults and compromised accounts with weak passwords, leading to the theft of users' cryptocurrency funds. Dashlane emphasizes that it has strengthened security measures to prevent such incidents in the future.
Read “Zamin” on Telegram!
