Zack Whittaker (@zackwhittaker@mastodon.social)

Personally I think Dashlane's update to its 2FA-busting data breach notice is still lackluster and doesn't explain that much beyond its original post. That said, @dangoodin does a solid job of reading between the lines and filling in the gaps. tl;dr: Bruteforcing Dashlane customer account 2FA codes was relatively easy. https://arstechnica.com/security/2026/06/dashlane-explains-how-attackers-managed-to-download-encrypted-password-vaults/