
Password manager Dashlane has disabled a number of user accounts as a precaution amid a spate of brute force attacks.

It didn't specify the scale of the attack, although scores of users have queried the reason for receiving emails informing them of account suspensions.

"Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn't enter the correct token after several tries," the emails read, along with instructions to contact customer support to restore access.

The attacks began on Sunday afternoon and the Dashlane team said it had finished investigating the matter later that evening, restoring all affected user accounts in the process, according to its status page.

In a copy-paste statement sent to a number of users via social media, Dashlane also confirmed there was no compromise of internal systems.

Dashlane posted an update to its status page on Monday morning, repeating the same statement from a day earlier, but changing the incident status from "resolved" to "monitoring."

Several users reported unauthorized login attempt notifications from various countries - the common culprits being Korea and Russia. Dashlane did not specify whether any attempts on customer accounts were successful.

Dashlane's interventions involved suspending accounts and its two-factor authentication (2FA) service. Some users reported trying to access Dashlane's 2FA one-time passcodes, but when entering them, all that returned was an error.

Some criticised the company for a lack of public comms about the attacks. Aside from the direct account suspension emails and some replies to users on social media, Dashlane has not disclosed the attack through any high-visibility channels.

Users also queried whether the initial account suspension emails were a phishing attempt. But the emails showed no hallmarks of phishing as they contained no suspicious links, no attachments and were sent from a real Dashlane domain.

However, the nature of the message and the fact that the emails contained an old Dashlane logo only exacerbated some customers' fears.

The Register has contacted Dashlane for more information. ®