Can't make sense of Dashlane's vault theft notification? You're not alone.

Article excerpt

Dashlane's Monday security advisory about a breach affecting 20 encrypted vaults left security researchers and users scratching their heads. The password manager disclosed that attackers launched a brute-force attack against user accounts starting May 31, targeting two-factor authentication protections to register unauthorized devices. But the company's explanation raised more questions than answers: if the attackers successfully registered new devices, why mention only 20 vaults? How did they obtain them? The opacity prompted immediate criticism that Dashlane failed to provide the transparency users expect when their digital keys, and everything they protect, hang in the balance.