Hackers Stole Dashlane Password Vaults Without Ever Breaching Dashlane Itself
Dashlane, a password manager company, has confirmed a breach of security. The company says that hackers managed to steal some customers’ password vaults. It’s not what you think, though, as Dashlane itself was not breached.
20 password vaults were stolen in the process
So, what exactly happened? Dashlane says that hackers managed to get at least a dozen encrypted vaults used for storing customer passwords during a weekend cyberattack.
Dashlane said that hackers brute-forced the company’s two-factor authentication system. That granted them access to about 20 customer accounts. They were able to download a copy of certain customers’ encrypted vaults, which store passwords and other sensitive credentials.
The company added that there is no evidence of compromise of its own systems. “The goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts,” said the company. Dashlane added that attackers can use automated software to “rapidly submit every possible numeric combination to the system, hoping to guess the exact sequence before the short-lived [two-factor] security code expires.”
Dashlane also confirmed that it has “taken steps to mitigate the risk of future incidents,” but it did not share any details regarding that. So we don’t know exactly what those steps are.
The company also confirmed that it notified the customers whose encrypted vaults were stolen. It is still unclear whether those customers were targeted by hackers, or was that pure coincidence.
The company does say that the stolen vaults are scrambled, as a master password is needed
Dashlane did note that the stolen vaults are scrambled and cannot be read without the customer’s master password. That password is only known by the customer and is not uploaded to Dashlane in plain text.
As a reminder, back in 2022, LastPass confirmed that its customer password vault backups were stolen. That was considerably different, though, as that was an actual breach into LastPass.
The post Hackers Stole Dashlane Password Vaults Without Ever Breaching Dashlane Itself appeared first on Android Headlines.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Wow
0
Sad
0
Angry
0
Christopher Holloway is the founder and director of Progressive Robot, a UK-based technology company. A full-stack engineer with more than two decades of experience, he works across PHP development, ecommerce, Linux infrastructure, technical SEO and AI automation, and writes here on technology, AI, hardware and software.
Comments (0)