Dashlane explains how attackers managed to download encrypted password vaults

By targeting large numbers of users, attackers increased their chances of success.
https://arstechnica.com/security/2026/06/dashlane-explains-how-attackers-managed-to-download-encrypted-password-vaults/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

@arstechnica

The hackers were able to trigger the download process for vaults on new devices for hundreds of thousands of users. Then they guessed at the PIN numbers.

The article doesn't explain how the hackers knew what those account names were.

There should be a setting "Don't allow new devices". The setting can only be reached by someone with an account password (not the same as the master password).

This is the approach used on Authy.