Dashlane disclosed that attackers exploited its device enrollment API in a coordinated attack, successfully downloading encrypted password vaults from fewer than 20 personal accounts. The attackers used brute-force methods to generate valid registration tokens, bypassing security measures. While Dashlane's automated systems locked targeted accounts, the incident highlights vulnerabilities in the device registration process.
Background
Password managers like Dashlane store encrypted user credentials and are considered essential security tools, making any breach particularly concerning. Device enrollment is the security-critical process through which users add new devices to their accounts.
- Source: Ars Technica
- Published: Jun 5, 2026 at 04:02 AM
- Score: 7.0 / 10