{"generator":"GNU social 2.0.2-dev","title":"Conversation","totalItems":4,"items":[{"actor":{"id":"https:\/\/infosec.exchange\/users\/briankrebs","displayName":"BrianKrebs","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/21764-original-tmp20231104212340.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/21764-96-20231108132353.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/21764-48-20231108132353.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/21764-24-20231108132353.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"21764"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/21764-96-20231108132353.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .comLinkedin: https:\/\/www.linkedin.com\/in\/bkrebs","url":"https:\/\/infosec.exchange\/@briankrebs","portablecontacts_net":{"preferredUsername":"briankrebs","displayName":"BrianKrebs","note":"Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .comLinkedin: https:\/\/www.linkedin.com\/in\/bkrebs"}},"content":"

@dalias<\/a> They got access to 20 encrypted vaults. They'd still have to work out the master password for those targeted accounts. Theoretically, that could be done offline, as happened w\/ the breach at LastPass, but it took many months for a lot of those stolen vaults to be cracked.<\/p>","generator":{"id":"tag:gnusocial.jp,2026-06-04:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/infosec.exchange\/users\/briankrebs\/statuses\/116686026368876910","object":{"id":"https:\/\/infosec.exchange\/users\/briankrebs\/statuses\/116686026368876910","objectType":"note","content":"

@dalias<\/a> They got access to 20 encrypted vaults. They'd still have to work out the master password for those targeted accounts. Theoretically, that could be done offline, as happened w\/ the breach at LastPass, but it took many months for a lot of those stolen vaults to be cracked.<\/p>","url":"https:\/\/infosec.exchange\/@briankrebs\/116686026368876910","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/116686020309881307","url":"https:\/\/hachyderm.io\/@dalias\/116686020309881307"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/hachyderm.io\/users\/dalias"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-06-03:objectType=thread:nonce=889d481a78f1aa13","notice_info":{"local_id":"12696130","source":"ActivityPub"}},"published":"2026-06-03T11:54:09+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/infosec.exchange\/@briankrebs\/116686026368876910"},{"actor":{"id":"https:\/\/hachyderm.io\/users\/dalias","displayName":"Rich Felker","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/40873-original-tmp20221202140938.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-48-20221207231635.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-24-20221207231635.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"40873"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa","url":"https:\/\/hachyderm.io\/@dalias","portablecontacts_net":{"preferredUsername":"dalias","displayName":"Rich Felker","note":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa"}},"content":"

@briankrebs<\/a> Ahhh, that makes sense. So if they have strong passphrases, nothing. But if weak, crackable offline with big resources.<\/p>","generator":{"id":"tag:gnusocial.jp,2026-06-04:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/116686038364072886","object":{"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/116686038364072886","objectType":"note","content":"

@briankrebs<\/a> Ahhh, that makes sense. So if they have strong passphrases, nothing. But if weak, crackable offline with big resources.<\/p>","url":"https:\/\/hachyderm.io\/@dalias\/116686038364072886","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/infosec.exchange\/users\/briankrebs\/statuses\/116686026368876910","url":"https:\/\/infosec.exchange\/@briankrebs\/116686026368876910"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/infosec.exchange\/users\/briankrebs"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-06-03:objectType=thread:nonce=889d481a78f1aa13","notice_info":{"local_id":"12696131","source":"ActivityPub"}},"published":"2026-06-03T11:54:08+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/hachyderm.io\/@dalias\/116686038364072886"},{"actor":{"id":"https:\/\/infosec.exchange\/users\/briankrebs","displayName":"BrianKrebs","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/21764-original-tmp20231104212340.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/21764-96-20231108132353.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/21764-48-20231108132353.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/21764-24-20231108132353.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"21764"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/21764-96-20231108132353.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .comLinkedin: https:\/\/www.linkedin.com\/in\/bkrebs","url":"https:\/\/infosec.exchange\/@briankrebs","portablecontacts_net":{"preferredUsername":"briankrebs","displayName":"BrianKrebs","note":"Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .comLinkedin: https:\/\/www.linkedin.com\/in\/bkrebs"}},"content":"

RE: https:\/\/infosec.exchange\/@briankrebs\/116670688015956223<\/a><\/p>

Dashlane posted an update saying hackers brute-forced its two-factor authentication system, and gained access to the encrypted password vaults for \"fewer than 20 personal plan users.\" Dashlane said there was no evidence of a hack of its own systems, but it hasn't shared yet why or how that 2FA was compromised. The company said \u201cthe goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts,\u201d and that it has already notified affected users.<\/p>

https:\/\/support.dashlane.com\/hc\/en-us\/articles\/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts?7194ef805fa2d04b0f7e8c9521f97343<\/a><\/p>","generator":{"id":"tag:gnusocial.jp,2026-06-04:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/infosec.exchange\/users\/briankrebs\/statuses\/116685926861544836","object":{"id":"https:\/\/infosec.exchange\/users\/briankrebs\/statuses\/116685926861544836","objectType":"note","content":"

RE: https:\/\/infosec.exchange\/@briankrebs\/116670688015956223<\/a><\/p>

Dashlane posted an update saying hackers brute-forced its two-factor authentication system, and gained access to the encrypted password vaults for \"fewer than 20 personal plan users.\" Dashlane said there was no evidence of a hack of its own systems, but it hasn't shared yet why or how that 2FA was compromised. The company said \u201cthe goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts,\u201d and that it has already notified affected users.<\/p>

https:\/\/support.dashlane.com\/hc\/en-us\/articles\/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts?7194ef805fa2d04b0f7e8c9521f97343<\/a><\/p>","url":"https:\/\/infosec.exchange\/@briankrebs\/116685926861544836","status_net":{"notice_id":null}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-06-03:objectType=thread:nonce=889d481a78f1aa13","notice_info":{"local_id":"12696116","source":"ActivityPub"}},"published":"2026-06-03T11:49:56+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/infosec.exchange\/@briankrebs\/116685926861544836"},{"actor":{"id":"https:\/\/hachyderm.io\/users\/dalias","displayName":"Rich Felker","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/40873-original-tmp20221202140938.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-48-20221207231635.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-24-20221207231635.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"40873"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa","url":"https:\/\/hachyderm.io\/@dalias","portablecontacts_net":{"preferredUsername":"dalias","displayName":"Rich Felker","note":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa"}},"content":"

@briankrebs<\/a> \"gained access to the encrypted password vaults\" sounds like they weren't encrypted.<\/p>

Unless they mean the attackers only gained access to what amounts to random bits.<\/p>","generator":{"id":"tag:gnusocial.jp,2026-06-04:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/116686020309881307","object":{"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/116686020309881307","objectType":"note","content":"

@briankrebs<\/a> \"gained access to the encrypted password vaults\" sounds like they weren't encrypted.<\/p>

Unless they mean the attackers only gained access to what amounts to random bits.<\/p>","url":"https:\/\/hachyderm.io\/@dalias\/116686020309881307","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/infosec.exchange\/users\/briankrebs\/statuses\/116685926861544836","url":"https:\/\/infosec.exchange\/@briankrebs\/116685926861544836"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/infosec.exchange\/users\/briankrebs"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-06-03:objectType=thread:nonce=889d481a78f1aa13","notice_info":{"local_id":"12696117","source":"ActivityPub"}},"published":"2026-06-03T11:49:55+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/hachyderm.io\/@dalias\/116686020309881307"}],"links":[{"url":"https:\/\/gnusocial.jp\/conversation\/6449394","rel":"alternate","type":"text\/html"}]}