www.it-connect.fr
Dashlane Users Hit by Suspicious Login Waves as Brute-Force Attacks Trigger Account Locks
Was Dashlane's infrastructure hacked? The answer is no. In reality, the Dashlane password manager was targeted by a large-scale brute-force attack campaign over the weekend of May 31, 2026. Here’s what we know.
Table of Contents
A flood of alerts leaves users unsure what to believe
The incident began on May 31, 2026, when many Dashlane users started receiving security alerts by email telling them that their account had been temporarily suspended. Other users saw notifications reporting login attempts coming from unusual geographic locations, including Russia.
Understandably, when a password manager is involved, this raises concerns given how critical this type of service is. One question quickly came up: were these legitimate alerts sent by Dashlane's services, or was this a phishing campaign meant to trap users? Most importantly, this was not a matter of just two or three users: there was a real wave of notifications sent to many users (which led to many posts on Reddit).
So what actually happened? The answer came directly from Dashlane.
Dashlane's response: automated security did its job
In response to the many reports, Dashlane opened an internal investigation (at 15:19 UTC on May 31) and a ticket was created on the service status page. A few hours later, after analyzing the alerts, Dashlane was able to clarify the situation.
"We can confirm that some Dashlane user accounts were targeted as part of a brute-force attack by an external third party, which resulted in those accounts being suspended as part of Dashlane's built-in security measures.", Dashlane said.
We can therefore infer the following:
- Dashlane's infrastructure was not compromised,
- The attackers attempted to log in to accounts at random (brute force), most likely using credentials (email and password) obtained from another data breach.
- Dashlane's protection mechanisms did their job by protecting users when suspicious activity was detected.
What is inconvenient is that the account ends up being blocked for security reasons, which directly affects the user. However, the upside is that the attacker can no longer keep trying to guess your password: the attack on your account is stopped.
At this point, the incident is already old news: access to suspended accounts was fully restored by the technical teams over the weekend. However, Dashlane did not disclose the exact number of users targeted by this campaign.
Best practices to protect your account
Whether you use Dashlane or another password manager, this article is a good reminder of a few best practices:
- Make sure your account master password is strong and unique.
- Enable two-factor authentication (2FA).
- Configure automatic locking of your vault after inactivity (10 minutes, for example).
- If you receive a suspension notification, check your account activity directly from the official app or the service's website, and never click the links embedded in the body of the email you received.
