Norton LifeLock’s Password Manager accounts breached

Share post:

Customers of Norton LifeLock were victims of a credential-stuffing attack after cyberattackers broke into Norton accounts and password managers using a third-party list of stolen username and password combinations.

Gen Digital, Norton LifeLock’s parent company, stated in a customer notice that the likely source was a credential stuffing attack, in which previously exposed or breached credentials are used to break into accounts on different sites and services that share the same passwords, rather than a compromise of its systems. As a result, two-factor authentication, as provided by Norton LifeLock, is recommended, as it prevents attackers from accessing someone’s account using only their password.

“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address,” the data breach notice said.

According to a letter sample shared with the Office of the Vermont Attorney General, the attacks were the result of account compromise on other platforms rather than a breach on the company. According to the notice, an attacker attempted to log in to Norton customer accounts around December 1, 2022, using username and password pairs purchased from the dark web.

While Gen Digital did not specify how many accounts were compromised, it did warn customers that the attackers were able to obtain names, phone numbers, and mailing addresses from any successful Norton accounts.

The sources for this piece include an article in TechCrunch.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways