Overview
- Dashlane confirmed on May 31 that an external brute-force campaign targeted certain user accounts and triggered automatic suspensions as a built-in defense.
- Many users received suspension emails and reported problems logging in after master-password resets because the company’s email notification and two-factor systems were disrupted.
- Dashlane’s engineering teams investigated the incident, unsuspended impacted accounts, and said there is no evidence its systems were compromised.
- Users criticized the company’s communications on Reddit because suspension emails arrived before a full public explanation and left some unsure whether notices were legitimate.
- Brute-force and credential-stuffing attacks commonly reuse leaked passwords, so affected users should confirm two-factor authentication is enabled and watch for further updates as Dashlane monitors residual issues.