A brute-force and credential-stuffing campaign launched May 31, 2026 targeted Dashlane user accounts, triggering automated lockouts across enterprise and consumer tiers. No CVE applies — this is a credential attack against authentication endpoints, not a software vulnerability. The business risk is asymmetric: a single successfully compromised Dashlane master account exposes every credential stored in that vault, making Dashlane a high-value single point of failure in enterprise credential architecture.