Dashlane Suspends Accounts Amid Brute-Force Attacks Targeting Customer Logins
Password manager Dashlane temporarily suspended customer accounts over the weekend after detecting brute-force login attempts, primarily originating from Korea and Russia.

Password manager Dashlane disabled a number of user accounts over the weekend as a precaution against a wave of brute-force attacks targeting customer logins. The company confirmed the incident on its status page, stating that it had investigated and restored all affected accounts by Sunday evening. However, an update on Monday morning changed the incident status from "resolved" to "monitoring," suggesting the situation may not yet be fully contained.
The attacks began on Sunday afternoon, prompting Dashlane to suspend accounts that appeared to be under active brute-force attempts. Affected users received emails stating: "Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn't enter the correct token after several tries." The emails instructed users to contact customer support to regain access. In a statement shared with affected users via social media, Dashlane confirmed there was no compromise of its internal systems — the attacks were limited to customer-facing login portals.
Several users reported receiving unauthorized login attempt notifications from various countries, with Korea and Russia being the most commonly cited origins. Dashlane did not specify whether any account takeovers succeeded. The company also did not disclose the scale of the attack, though scores of users publicly asked on social media platforms why they had received account suspension emails.
Dashlane's response involved suspending accounts and its two-factor authentication (2FA) service. Some users reported encountering errors when trying to use Dashlane's 2FA one-time passcodes during the incident — entering the code would return an error, preventing them from accessing their vaults. This side effect compounded frustration among customers who were already locked out of their accounts.
The company faced criticism for its communication strategy. Aside from the direct account suspension emails and replies to some users on social media, Dashlane did not issue any high-visibility public disclosure about the attacks. Some users initially questioned whether the account suspension emails were a phishing attempt, but the emails showed no hallmarks of phishing — they contained no suspicious links, no attachments, and were sent from a legitimate Dashlane domain. However, the emails used an older Dashlane logo, which exacerbated some customers' suspicions.
The incident highlights the challenges password managers face as high-value targets for attackers. With millions of users storing sensitive credentials behind a single login, brute-force attacks remain a persistent threat. Dashlane's decision to proactively suspend accounts rather than risk compromise reflects a security-first approach, but the lack of real-time public communication left many users confused and frustrated. The Register has contacted Dashlane for more information on the incident and any additional mitigation measures taken.
A new report confirms the brute-force barrage began May 31 and that Dashlane's automated security lockouts — triggered after repeated incorrect device registration tokens — are the root cause of the suspensions. The company has not disclosed how many accounts were affected or whether any were successfully compromised, and affected users are being directed to contact customer support to restore access. The login attempts primarily originated from Korea and Russia, though Dashlane has not provided attribution or a timeline for full restoration.