Dear Dashlane user,
In the last few days, we released a security update following a report from Tavis Ormandy, a security researcher from the Google Security Team. Tavis brought to our attention a potential security vulnerability in our browser extensions, which is corrected by this update.
For the protection of our customers, Dashlane generally does not disclose, discuss, or confirm security issues until a full investigation is complete and any necessary patches or releases are available.
Please note: Our Security investigation confirmed that the vulnerability did not compromise the personal data you store in Dashlane; that data remains safe and unaffected. The vulnerability had the potential to affect a very small portion of our users, with no way for an attacker to know in advance if a user is affected.
As noted above, this issue has been addressed in our latest updates. Our Security team completed a full investigation and found no instances where this had been exploited.
Our user’s privacy and security is the cornerstone of Dashlane and we will continue to protect our user’s information with industry-leading security policies and a patented security architecture, both of which you can read about here.
To improve your online security, we recommend observing the following best practices:
- Beware of phishing attacks and scams. Do not click on links or download attachments received from unknown sources. Also, read our blog post on how to protect yourself from phishing scams for more information and helpful tips.
- Practice good password hygiene. Keep an eye on your password health via Dashlane’s Security Dashboard. Regularly look for and change re-used and compromised passwords, and create strong, unique passwords for all of your accounts.
- Never disclose your Master Password to anyone, including us. For your security, as well as ours, we never store your Master Password–or any of its derivatives–anywhere on our servers. We recommend creating a strong Master Password and using these tips to help you remember your Master Password.
- Use an up-to-date security program. To maximize your security, keep all software—including Dashlane—updated on your machine, and install anti-virus and anti-malware software on both desktop and mobile devices.
- Enable two-factor authentication. Add an extra layer of protection to your online accounts by enabling two-factor authentication within Dashlane and other supported websites and applications.
Dashlane continues to lead the industry in security. We encourage you to read our Security White Paper to learn more about the rigorous standards Dashlane uses to protect user data.