Norton LifeLock’s Password Manager accounts breached

Share post:

Customers of Norton LifeLock were victims of a credential-stuffing attack after cyberattackers broke into Norton accounts and password managers using a third-party list of stolen username and password combinations.

Gen Digital, Norton LifeLock’s parent company, stated in a customer notice that the likely source was a credential stuffing attack, in which previously exposed or breached credentials are used to break into accounts on different sites and services that share the same passwords, rather than a compromise of its systems. As a result, two-factor authentication, as provided by Norton LifeLock, is recommended, as it prevents attackers from accessing someone’s account using only their password.

“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address,” the data breach notice said.

According to a letter sample shared with the Office of the Vermont Attorney General, the attacks were the result of account compromise on other platforms rather than a breach on the company. According to the notice, an attacker attempted to log in to Norton customer accounts around December 1, 2022, using username and password pairs purchased from the dark web.

While Gen Digital did not specify how many accounts were compromised, it did warn customers that the attackers were able to obtain names, phone numbers, and mailing addresses from any successful Norton accounts.

The sources for this piece include an article in TechCrunch.

Featured Tech Jobs



Related articles

Gartner debunks myths undermining cybersecurity success

Henrique Teixeira, Senior Director Analyst at Gartner, and Leigh McMullen, Distinguished VP Analyst at Gartner, highlighted and disproved...

Toyota discloses customer data breach

Toyota has disclosed that customer information from Japan and other countries in Asia and Oceania was publicly available...

Critical Vulnerability found in MOVEit

Progress Software has warned about a critical vulnerability in its popular file-transfer software, MOVEit, which could allow malicious...

Canadian Defence Minister concerned over increasing cyberattacks

Canadian Defence Minister Anita Anand has issued a warning that the country's key infrastructure is more vulnerable to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways