Attackers pulled off a feat that seemed nearly impossible: they cracked the vault of one of the most secure password managers on the market. Dashlane, which boasts over 15 million users, disclosed that unknown hackers managed to download encrypted password vaults from fewer than 20 personal accounts before the company shut down the operation. The breach, which began on Sunday, May 31, 2026, exploited the mechanism that allows users to add new devices to their accounts. While the number of compromised vaults is small, the methodology has sent shockwaves through the cybersecurity industry.

The Big Picture


This wasn't a random smash-and-grab. It was a coordinated campaign that abused Dashlane's application programming interfaces (APIs) for device enrollment. The attackers sent a high volume of automated requests to registered email addresses, using brute force to generate valid verification tokens. Dashlane's automated security systems locked most targeted accounts, but not before the attackers gained access to fewer than 20 vaults. The company detected the anomalous activity on Monday, June 1, and closed the breach within hours.


The attack flow reveals a fundamental vulnerability in email-based authentication. When a user installs Dashlane on a new device, the app sends a six-digit code to the registered email address. The attackers brute-forced valid tokens for those accounts, bypassing identity verification. Although few vaults were compromised, the incident underscores the fragility of systems that rely solely on email as an authentication factor. The attackers' success rate was low: out of thousands of attempts, they breached fewer than 20 accounts. That they succeeded at all is alarming.
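A six-digit code has only 1,000,000 possible values, so its strength depends entirely on how many guesses the server allows. The sketch below is an added example, not Dashlane's code: a server-side verifier that caps guesses per code and codes per account, with the class name and all limits being assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed limits for illustration; the page does not state Dashlane's values.
CODE_TTL = 600       # seconds a code stays valid
MAX_ATTEMPTS = 5     # guesses allowed against one issued code
MAX_ISSUES = 3       # codes issued per account per window
ISSUE_WINDOW = 3600  # seconds

class EnrollmentVerifier:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> [code digest, expiry, attempts left]
        self._issued = {}   # email -> recent issue timestamps

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, email):
        now = self._clock()
        recent = [t for t in self._issued.get(email, []) if now - t < ISSUE_WINDOW]
        if len(recent) >= MAX_ISSUES:
            return None  # locked: requesting fresh codes cannot reset the budget
        self._issued[email] = recent + [now]
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[email] = [self._digest(code), now + CODE_TTL, MAX_ATTEMPTS]
        return code  # sent by email in a real system; returned here for the demo

    def verify(self, email, guess):
        entry = self._pending.get(email)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(email, None)
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(entry[0], self._digest(guess))
        if ok or entry[2] == 0:
            del self._pending[email]  # single use; an exhausted budget burns the code
        return ok

def guess_success_probability(issues=MAX_ISSUES, attempts=MAX_ATTEMPTS, space=10**6):
    # Chance that distinct guesses hit at least one of the codes issued in a window.
    return 1 - (1 - attempts / space) ** issues
```

With these assumed limits an automated guesser gets at most 15 tries per account per hour, about a 0.0015% chance of success, whereas an endpoint with no attempt cap can be walked through the whole code space.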