Dashlane has confirmed that a brute-force attack over the weekend triggered a wave of account suspension emails, unusual login notifications, and authentication issues.
The password manager says the incident was caused by attacks against individual accounts rather than a breach of Dashlane's infrastructure, and affected accounts have since been restored.
The issue first surfaced on May 31, 2026, when Dashlane users began reporting unexpected security emails warning that their accounts had been suspended. Others received notifications claiming login attempts were originating from unusual locations, including Russia, while some users experienced difficulties accessing their accounts after resetting their master passwords.
According to Dashlane's status page, the company opened an investigation at 15:19 UTC on May 31 after receiving reports that users had received “account suspended” emails and were encountering login issues. Several hours later, at 17:50 UTC, the company said its engineering teams were still investigating the notifications and working to determine their root cause.
The incident affected Dashlane's email notification and two-factor authentication (2FA) systems, according to the status page.
Dashlane is a password management service that stores and synchronizes credentials, secure notes, payment information, and other sensitive data across devices. Because password managers act as centralized repositories for users' online accounts, unexpected security alerts from such services often generate significant concern among customers worried about potential account compromise.
As reports spread, users turned to Reddit seeking clarification, questioning whether the emails stating their accounts had been temporarily suspended were a phishing attempt. Other users reported receiving emails containing new device verification codes and warnings about login attempts from unusual countries.
Dashlane eventually responded to some of these threads, saying the alerts were connected to an external brute-force campaign targeting certain customer accounts.
“We can confirm that certain Dashlane user accounts were targeted in a brute force attack by an external party, resulting in the suspension of those accounts as part of Dashlane's built-in security measures,” the company stated.
Dashlane added that the suspended accounts have been unsuspended and that there is currently no evidence that the company's systems were compromised.
The firm has not disclosed how many accounts were targeted, and our requests for more info have gone unanswered so far. Users should ensure their Dashlane master password is unique and strong, enable two-factor authentication when available, and remain cautious about unexpected security emails. Anyone who received account suspension notifications should verify account activity directly through the official Dashlane application or website rather than relying on links embedded in email messages.
Leave a Reply