Password manager Dashlane has confirmed that it preemptively disabled a number of user accounts following a wave of brute-force attacks that began on Sunday afternoon. The company stated that its automatic security protocols triggered the suspensions after detecting unauthorized attempts to register new devices on customer accounts.
According to The Register (www.theregister.com), affected users received automated emails explaining the lockdown. The notifications stated: “Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn't enter the correct token after several tries.”
Dashlane claimed that its internal systems remained secure throughout the incident. The company reported that it finished investigating the matter by Sunday evening and had restored access for the affected users. However, as of Monday morning, the company’s status page had shifted the incident’s classification from “resolved” to “monitoring,” suggesting that the threat of further automated attempts persists.
Security gaps and user confusion
The attack caused significant friction for users, with many reporting issues beyond the account locks. Some customers noted that they were unable to use the service's two-factor authentication (2FA) codes, receiving error messages when attempting to verify their identities. Reports indicated that many of the unauthorized login attempts originated from IP addresses in Russia and Korea.
Communication regarding the incident drew criticism from the user base. Dashlane relied primarily on direct emails to those affected and limited social media responses, opting against a high-visibility public disclosure. This lack of clear, centralized communication led some users to question whether the suspension emails were a sophisticated phishing attempt.
While the emails contained no suspicious links or attachments and originated from a legitimate Dashlane domain, some customers expressed concern that the messages featured an outdated company logo. Dashlane has not yet provided specific figures regarding the number of accounts compromised or the total number of suspension notices sent out.
Security analysts cited by the outlet noted that these incidents highlight the ongoing vulnerabilities in traditional password management architectures. Dashlane continues to work through the monitoring phase of the incident as it faces scrutiny over its handling of the emergency.