Hackers broke into around 20 Dashlane password vaults using a brute‑force method.
Dashlane said the attackers tried millions of password combinations until they hit a small number of weak master passwords. The breached vaults belonged to users whose passphrases fell below the service’s recommended complexity. No evidence suggests the data was sold or further disseminated.
The incident spotlights the limits of brute‑force defenses in password‑manager services, especially when users choose short or predictable master passwords. It also forces enterprises to rethink mandatory complexity rules for privileged accounts.
Even a well‑known vault isn’t immune if you treat the master password like a weak door lock.