Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices.
In a statement to BleepingComputer, the password management service confirmed that the suspensions were part of an automated security response designed to protect against account hijacking.
“We can confirm that certain Dashlane user accounts were targeted in a brute force attack by an external party, resulting in the suspension of those accounts as part of Dashlane’s built-in security controls. The affected accounts have now been unsuspended,” stated Jordan Fylolenko, Dashlane Senior Director of Corporate Communications.
“Our team is actively engaged in this issue and taking measures to further protect customers. There is no evidence of compromise of Dashlane’s systems.”
Worried Dashlane users reported earlier today on Reddit that they received notices of suspicious access requests from foreign countries. The emails contained verification codes for legitimate account owners to register new devices.
[Image: Emails sent to impacted account holders. Source: Reddit]
Many users were confused because they had not initiated the requests and tried to confirm if the communication was part of a phishing attempt targeting Dashlane users.
A few hours later, Dashlane responded to some of these Reddit threads, saying that its systems were safe and the action was triggered by brute-force attacks, which seek to gain access to an account by trying multiple passwords in succession until the correct one is found.
Secure platforms implement protection measures such as rate limiting, CAPTCHA challenges, and account lockouts to block automated attacks after a threshold of failed attempts is reached.
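The lockout behaviour described above, sketched as an added example (not Dashlane's code or logic): a per-account sliding window of failed logins that suspends the account at a threshold and then refuses even the correct password until it is unsuspended, which is why legitimate owners are locked out as well. The class name, threshold, window and sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LockoutGuard:
    """Per-account sliding-window lockout (hypothetical helper, values are assumptions)."""

    def __init__(self, max_failures=5, window_s=300):
        self.max_failures = max_failures
        self.window_s = window_s
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.suspended = set()

    def attempt(self, account, ts, password_ok):
        """Return 'ok', 'failed' or 'suspended' for one login attempt at time ts (seconds)."""
        if account in self.suspended:
            return "suspended"               # a correct password is refused once locked
        if password_ok:
            self.failures.pop(account, None) # success clears the failure history
            return "ok"
        recent = self.failures[account]
        recent.append(ts)
        while recent and ts - recent[0] > self.window_s:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.suspended.add(account)      # threshold reached: suspend the account
            return "suspended"
        return "failed"

    def unsuspend(self, account):
        """Manual or support-driven release of a suspended account."""
        self.suspended.discard(account)
        self.failures.pop(account, None)

def replay(events, guard):
    """Feed (timestamp_s, account, password_ok) tuples through the guard."""
    return [guard.attempt(account, ts, ok) for ts, account, ok in events]

# Constructed sample events, not real log data.
EVENTS = [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),
    (30, "alice", False), (40, "alice", False),  # fifth failure inside the window
    (50, "alice", True),                          # owner's correct password, still refused
    (0, "bob", False), (400, "bob", False),       # spaced-out typos age out of the window
    (800, "bob", True),
]

if __name__ == "__main__":
    print(replay(EVENTS, LockoutGuard()))
```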