Dashlane reported that attackers launched a sophisticated campaign to access encrypted password vaults, but quickly faced setbacks. The hackers managed to download fewer than 20 personal user vaults before their efforts were thwarted.

The attack began on Sunday when the threat actor exploited Dashlane’s device registration process through automated requests sent to users’ email addresses. By abusing API endpoints for device enrollment, they aimed to bypass security checks and gain unauthorized access to accounts.

When a user adds a new device to their account, Dashlane verifies the user's identity via a one-time six-digit token sent to the registered email address or through an authentication app. Without entering this code on the enrolling device, no encrypted vault data is accessible, ensuring that even if tokens were generated, they remained useless.

Dashlane’s automated security systems proved effective in locking out compromised accounts as soon as suspicious activity was detected. This rapid response prevented further breaches and minimized damage. The incident highlights the complexity of cybersecurity, where both attackers' tactics and defenders' strategies must constantly evolve to stay ahead.