Dashlane API Token
Service Name: Dashlane
Service Description: Dashlane is a password management service that helps users store and manage their passwords, personal information, and other sensitive data securely across multiple devices and platforms.
Service Address: https://www.dashlane.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level for Dashlane Business accounts.
Secret Access Scope: Grants programmatic access to Dashlane's API, allowing applications to interact with Dashlane services, manage passwords, and access user data based on permissions granted.
Secret Revokement URL: https://app.dashlane.com/settings/security
Secret Example: DAPI_01234567-89ab-cdef-0123-456789abcdef
Suspicious Activity Investigation Instructions:
- Review Dashlane account activity logs for unauthorized access or suspicious operations
- Check for unknown devices or locations accessing the account
- Monitor for unexpected password changes or exports
- Review API usage patterns for abnormal behavior or data access
- Check for unauthorized applications connected to your Dashlane account
Mitigation Instructions:
- Log in to your Dashlane account at https://app.dashlane.com/
-
Navigate to Settings > Security
-
Locate the API tokens section and revoke the compromised token
- Generate a new API token if needed
- Enable two-factor authentication if not already active
- Review and update your master password
- Check for and remove any unauthorized devices from your account
- Consider implementing IP restrictions for your Dashlane Business account
- Review audit logs to understand the scope of potential compromise