HIGH
Dashlane Brute-Force Attack Leads to Encrypted Vault Downloads
Password manager Dashlane has disclosed that a brute-force attack against its service led to the download of a limited number of encrypted user vaults. Dashlane’s automated security systems detected the attack and locked affected accounts to limit further exposure. While the vaults are encrypted, attackers in possession of them can mount offline cracking attacks — a significant risk for accounts protected by weak master passwords. Dashlane has not disclosed the number of affected accounts. Affected users should rotate their master password and enable multi-factor authentication immediately.