Dashlane had a rough weekend. The popular password manager suspended a number of customer accounts after a wave of brute-force attacks hit its platform, triggering automatic security responses across multiple user profiles.
The company did not reveal the exact scale of the attack, but scores of users flooded social media with questions after receiving unexpected account suspension emails.
Attackers target Dashlane users with device registration attempts
The suspension emails gave customers a clear picture of what happened. According to Dashlane, someone had tried to register a new device on affected accounts and repeatedly entered the wrong authentication token. The company suspended those accounts as a precaution, and each email included instructions on how to contact customer support and restore access.
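The precautionary suspension described above amounts to counting failed device-registration token checks per account inside a time window. The sketch below is an added example, not Dashlane's code: the log format, event names, threshold and window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the article does not state Dashlane's real thresholds.
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)

# Constructed sample events: timestamp, account, event (hypothetical names).
SAMPLE_LOG = """\
2024-01-07T14:00:00 carol@example.com device_token_fail
2024-01-07T14:00:05 alice@example.com device_token_fail
2024-01-07T14:00:40 alice@example.com device_token_fail
2024-01-07T14:01:10 alice@example.com device_token_fail
2024-01-07T14:03:00 bob@example.com device_token_fail
2024-01-07T14:03:20 bob@example.com device_token_fail
2024-01-07T14:03:50 bob@example.com device_token_ok
2024-01-07T14:05:00 bob@example.com device_token_fail
2024-01-07T14:05:30 bob@example.com device_token_fail
2024-01-07T14:15:00 carol@example.com device_token_fail
2024-01-07T14:30:00 carol@example.com device_token_fail
"""

def accounts_to_suspend(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {account: time of the failure that triggered suspension}."""
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    suspended = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, account, event = line.split()
        if account in suspended:
            continue              # already locked; later attempts change nothing
        ts = datetime.fromisoformat(ts_raw)
        if event == "device_token_ok":
            recent[account].clear()   # a correct token resets the counter
        elif event == "device_token_fail":
            failures = recent[account]
            failures.append(ts)
            while ts - failures[0] > window:
                failures.popleft()    # drop failures older than the window
            if len(failures) >= max_failures:
                suspended[account] = ts
    return suspended

if __name__ == "__main__":
    for account, when in accounts_to_suspend(SAMPLE_LOG).items():
        print(f"suspend {account} at {when.isoformat()}")
```

Only the account with three failures inside ten minutes is suspended; slow or interrupted guessing stays below the threshold, which is the trade-off a lockout policy has to tune against locking out legitimate users.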
The attacks kicked off on Sunday afternoon. Dashlane’s team immediately went to work, and the company’s status page later confirmed that the team wrapped up its investigation by Sunday evening, restoring all impacted accounts in the process. Dashlane also pushed out a statement to users on social media, confirming that no internal systems faced any form of compromise during the incident.
Monday brought an update to the status page. Dashlane repeated the same statement it had issued the day before, but changed the incident label from “resolved” to “monitoring,” signaling the company was not yet fully confident the threat had passed.
Login attempts traced to Korea and Russia
Users did not stay quiet. Several of them reported receiving notifications about unauthorized login attempts on their accounts, with Korea and Russia appearing as the most common sources. Dashlane did not say whether any of those attempts actually broke through to a customer account.
The attacks also disrupted Dashlane’s two-factor authentication service. Some users attempted to retrieve their 2FA one-time passcodes during the incident and received error messages instead. For a platform that exists specifically to keep credentials secure, a failing 2FA system at the height of an active attack was a significant frustration.
The disruption stretched into the weekend for Dashlane’s engineering team. Catching and responding to an active brute-force campaign on a Sunday afternoon is not an ideal situation. It forced rapid action to contain the damage before the attack could spread further.
Users question the company’s silence and suspicious emails
The incident drew criticism well beyond the technical disruption itself. Many users pushed back at Dashlane for keeping its public communication minimal. The company limited its response to direct account suspension emails and individual replies on social media. It released no broad public statement through any high-visibility channel.
That silence made things worse. A number of users who received the suspension emails began questioning whether the messages were a phishing attempt rather than a legitimate notification from Dashlane. The timing made the suspicion understandable. A security-focused company sending unexpected emails during an active attack is exactly the kind of scenario bad actors try to mimic.
The emails, however, showed none of the classic phishing warning signs. They carried no suspicious links, no attachments, and came directly from a verified Dashlane domain. Still, the emails displayed an outdated Dashlane logo, and that small detail pushed some customers deeper into doubt. An official communication sporting old branding during an active security event was enough to raise eyebrows.
Dashlane’s response to this incident puts a familiar challenge on the table. A password manager stores access to nearly every account a user owns. When that platform faces a threat, clear and fast communication matters as much as the technical fix. Users did not just need their accounts back. They needed answers, and Dashlane was slow to provide them publicly.