Yo, check this out. Dashlane just dropped some news about a pretty classic attack vector: brute force against 2FA. Apparently, some hackers managed to snag the password vaults of about 20 users.

The kicker here is *how* they did it. Dashlane says the attackers weren't breaking into their main servers; instead, they were hammering the two-factor authentication (2FA) system with automated software, trying every possible combination of numbers to guess the passcode. The goal wasn't to steal the vault itself (which is encrypted unless you have the Master Password), but to use those successful guesses to register new devices on those existing user accounts. Pretty slick little exploit.

The good news is Dashlane's security controls actually kicked in, locking down the accounts because of the sheer volume of login attempts. They also confirmed that traffic from the threat actors has been blocked.

It's a good reminder that even with solid systems, 2FA is the weak link if it's poorly implemented or relies on predictable inputs. People need to keep that Master Password strong and definitely double-check which devices are linked to their accounts.

Source: https://www.engadget.com/2186075/dashlane-says-hackers-stole-password-vaults-via-a-brute-force-attack/
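
Added example, not code from Dashlane or the linked article: a sketch of the kind of control described above, counting failed 2FA codes per account, locking the account after a burst, and flagging any new-device registration that follows a run of failures. The event schema, the thresholds and the sample events are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 300      # seconds of failure history kept per account (assumed value)
ALERT_FAILS = 3   # recent failures that make a later registration suspicious (assumed)
LOCK_FAILS = 10   # recent failures that lock the account (assumed)

def analyze(events):
    """events: (ts, account, kind, device) tuples sorted by ts.
    kind is 'otp_fail', 'otp_ok' or 'device_registered' (hypothetical schema)."""
    fails = defaultdict(deque)   # account -> timestamps of recent failed codes
    locked = {}                  # account -> ts at which it was locked
    denied, review = [], []
    for ts, account, kind, device in events:
        recent = fails[account]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()     # slide the window forward
        if account in locked:
            # Locked accounts stay locked here; a real system needs an unlock path.
            if kind != "otp_fail":
                denied.append((account, kind, device))
            continue
        if kind == "otp_fail":
            recent.append(ts)
            if len(recent) >= LOCK_FAILS:
                locked[account] = ts
        elif kind == "device_registered" and len(recent) >= ALERT_FAILS:
            # A correct code right after a run of wrong ones, then a new device:
            # the pattern worth a manual look even below the lock threshold.
            review.append((account, device))
    return {"locked": locked, "denied": denied, "review": review}

# Constructed sample events: a normal login, a burst that guesses right
# before the lock, and a burst that trips the lock.
SAMPLE = (
    [(0, "alice", "otp_fail", None), (20, "alice", "otp_ok", None),
     (25, "alice", "device_registered", "dev-a1")]
    + [(100 + 2 * i, "bob", "otp_fail", None) for i in range(4)]
    + [(108, "bob", "otp_ok", None), (109, "bob", "device_registered", "dev-x")]
    + [(200 + i, "carol", "otp_fail", None) for i in range(12)]
    + [(212, "carol", "otp_ok", None), (213, "carol", "device_registered", "dev-y")]
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The "bob" case is the one to watch: the lock never fires, so only the review list catches the device that was added after a string of wrong codes.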