Dashlane is having password vaults hacked, and the scenario is dangerously reminiscent of the LastPass disaster

A password manager is the safe where you hide all your keys. So when one of them announces a hack, it makes people cringe. According to TechCrunch, Dashlane confirmed on June 2 that attackers had managed to download a copy of the encrypted vaults of around twenty customers. The attack started on May 31, a weekend, as is often the case.

To go further

What are the best password managers in 2026?

Concretely, the hackers targeted double authentication (the famous one-time code that we receive to confirm a connection). They bombarded Dashlane's system with software that tested every possible digital combination, hoping to hit the right code before it expired. This technique, brute force, amounts to trying all the codes on a padlock faster than it resets.

Once through, they registered a new device to the account, which allowed them to sync and collect the vault. Dashlane claims that its own systems were not compromised: the attack targeted individual accounts, on personal subscriptions.

Are your passwords in danger?

This is the reassuring point: the stolen safes are encrypted and unreadable without the master password, which Dashlane never stores in plain text on its servers.

This is the principle of zero-knowledge: even the company is supposed to be incapable of opening your safe. On paper, your data remains protected even if a copy is lying around. If you haven't received a specific notification, your vault has not been downloaded.

The problem is what Dashlane slips at the end of the press release: users with an easy-to-guess master password run a higher risk. Once the copy of the vault is in their pocket, hackers can try to decrypt it offline, endlessly, without alerting anyone. No limit of attempts, no blocking. If your master password is “azerty123”, it’s only a matter of time. If it is a single long sentence, the task becomes statistically unrealistic.

The ghost of LastPass looms

It's hard not to think of LastPass, which was hacked in 2022 according to a very similar scenario. There too, the encrypted vaults had been stolen, protected only by the master password. Except that what followed was a disaster: blockchain intelligence firm TRM Labs linked at least $35 million in stolen cryptocurrencies to the cracking of these vaults, sometimes years later. American investigators even linked a $150 million heist to this leak. In November 2025, the UK Data Protection Authority fined LastPass more than 1.2 million pounds.

The difference in scale is enormous: LastPass spoke of millions of safes, Dashlane of around twenty. But the basic mechanism remains the same, and the lesson too. A stolen encrypted vault is not an immediate disaster, it is a time bomb whose timer depends on your master password. To go further, our comparison of the best password managers sorts it out, and some are even considering replacing passwords with passkeys.

If you are a Dashlane customer, the incident should not push you to give up: a manager is far preferable to the same password reused everywhere. On the other hand, this is the ideal time to check that your master password is long, unique and impossible to guess. Zero-knowledge is solid, as long as you don't leave the front door wide open.

To go further

What are the best password managers in 2026?