Dashlane Suspends Accounts Amid Brute-Force Attacks Targeting Customer Logins
Password manager Dashlane temporarily suspended customer accounts over the weekend after detecting brute-force login attempts, primarily originating from Korea and Russia.

Password manager Dashlane disabled a number of user accounts over the weekend as a precaution against a wave of brute-force attacks targeting customer logins. The company confirmed the incident on its status page, stating that it had investigated and restored all affected accounts by Sunday evening. However, an update on Monday morning changed the incident status from "resolved" to "monitoring," suggesting the situation may not yet be fully contained.
The attacks began on Sunday afternoon, prompting Dashlane to suspend accounts that appeared to be under active brute-force attempts. Affected users received emails stating: "Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn't enter the correct token after several tries." The emails instructed users to contact customer support to regain access. In a statement shared with affected users via social media, Dashlane confirmed there was no compromise of its internal systems — the attacks were limited to customer-facing login portals.
Several users reported receiving unauthorized login attempt notifications from various countries, with Korea and Russia being the most commonly cited origins. Dashlane did not specify whether any account takeovers successfully occurred. The company also did not disclose the scale of the attack, though scores of users publicly queried the reason for the account suspension emails on social media platforms.
Dashlane's response involved suspending accounts and its two-factor authentication (2FA) service. Some users reported encountering errors when trying to use Dashlane's 2FA one-time passcodes during the incident — entering the code would return an error, preventing them from accessing their vaults. This side effect compounded frustration among customers who were already locked out of their accounts.
The company faced criticism for its communication strategy. Aside from the direct account suspension emails and replies to some users on social media, Dashlane did not issue any high-visibility public disclosure about the attacks. Some users initially questioned whether the account suspension emails were a phishing attempt, but the emails showed no hallmarks of phishing — they contained no suspicious links, no attachments, and were sent from a legitimate Dashlane domain. However, the emails used an older Dashlane logo, which exacerbated some customers' suspicions.
The incident highlights the challenges password managers face as high-value targets for attackers. With millions of users storing sensitive credentials behind a single login, brute-force attacks remain a persistent threat. Dashlane's decision to proactively suspend accounts rather than risk compromise reflects a security-first approach, but the lack of real-time public communication left many users confused and frustrated. The Register has contacted Dashlane for more information on the incident and any additional mitigation measures taken.
A new report confirms the brute-force barrage began May 31 and that Dashlane's automated security lockouts — triggered after repeated incorrect device registration tokens — are the root cause of the suspensions. The company has not disclosed how many accounts were affected or whether any were successfully compromised, and affected users are being directed to contact customer support to restore access. The incident primarily targeted logins with origins in Korea and Russia, though Dashlane has not provided attribution or a timeline for full restoration.
While Dashlane has stated the issue is resolved and affected accounts have been unsuspended, some users continue to report login difficulties and unresponsive support. The company has not yet disclosed the number of accounts impacted by the brute-force attacks, nor has it provided further details on the specific measures being implemented to enhance customer protection beyond the existing automated security controls.
The incident has evolved beyond initial reports of brute-force attacks and account suspensions, with Dashlane now confirming that encrypted vaults belonging to fewer than 20 personal subscription users were successfully downloaded. While these vaults remain protected by user-set Master Passwords, the company is advising all users to review registered devices, enable two-factor authentication, and ensure they are using strong, unique Master Passwords.
The incident report clarifies that the brute-force attacks specifically targeted the bypass of two-factor authentication (2FA) by guessing codes, which then triggered automated defenses leading to account lockouts. While the majority of users were unaffected, encrypted vault data from fewer than 20 personal plan users was downloaded, though Dashlane asserts this data remains protected by their zero-knowledge encryption.
The attack, which began on May 31, involved threat actors attempting to brute-force two-factor authentication (2FA) to register their own devices on targeted accounts. While Dashlane's systems detected and blocked the majority of these attempts, a limited number of encrypted vaults belonging to fewer than 20 personal plan users were downloaded before the incident was fully contained. Dashlane emphasized that these vaults remain inaccessible without the user's Master Password, and there is no evidence of impact on Dashlane's internal systems.