Dashlane Attack Raises A Hard Question For Midmarket IT: Is MFA Enough?

This wasn’t a breach—it was an identity attack.

Password management company Dashlane recently confirmed it had suffered a brute-force attack that targeted six-digit 2FA codes.

Attackers Targeted Authentication, Not Platform

The incident reinforces a growing reality: Attackers aren’t just targeting platforms—they’re going after how users authenticate into them.

[RELATED: Identity-Driven Attacks Are Forcing MDR Upstream—But Many ITDR Tools Aren’t Built For The Midmarket]

The company posted details about the attack on its site:

“Starting on Sunday, May 31, 2026, an external party launched a brute force attack against certain Dashlane user accounts. The goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts.”

Attackers were also able to download copies of encrypted vaults of fewer than 20 personal customer accounts. Dashlane said it worked with those customers to remediate the issue.

Why This Matters For Midmarket IT

For midmarket IT, this type of identity-focused attack highlights that multifactor authentication is no guaranteed protection, particularly as many organizations are already re-evaluating traditional MFA approaches (including shifts toward passwordless strategies). Instead, the questions become: What type of MFA is deployed in the environment, and how is it monitored, throttled and protected?

[RELATED: Midmarket Is Increasingly Going Passwordless, But Adoption Challenges Remain]

One Compromised Account Can Expose Everything

Considering that password management software works by aggregating all password credentials in a central location, one single account can potentially unlock an entire IT environment if compromised.

[RELATED: 5 Identity And Access Management Solutions For The Midmarket]

Identity Risk Is Already Widespread

That risk is already showing up at scale. Nine of 10 organizations were hit with a successful identity-related breach in the last 12 months, according to Palo Alto Networks 2026 Identity Security Landscape report. In this case, attackers used automated tools to repeatedly guess short numeric 2FA codes to register new devices on targeted accounts.

During the attack, Dashlane customers reported account lockout login issues and problems with 2FA.

Dashlane advised users to ensure that vaults are protected with a strong master password and audit any devices registered to an account.

For midmarket IT leaders, the takeaway is straightforward: Identity is now the primary attack surface. Relying on MFA alone is not enough.