According to a recent data breach alert from the firm, thousands of Norton LifeLock customers had their accounts hacked in recent weeks, potentially giving criminal hackers access to their password managers.
In a notice to customers, Gen Digital, the parent company of Norton LifeLock, stated that a credential stuffing attack was more likely to be to blame than a system compromise. In this type of attack, credentials that have already been compromised or exposed are used to access accounts on various websites and services that use the same passwords. Since it prevents attackers from accessing a customer’s data with just their password, Norton LifeLock advises two-factor authentication.
The business claimed that it discovered the accounts had been compromised as early as December 1, around two weeks before its systems discovered a “large volume” of unsuccessful login attempts to customer accounts on December 12.
“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address,” the data breach notice said. Because the firm cannot completely rule out the possibility that the intruders also acquired the customers’ saved passwords, the alert was delivered to customers whom it suspects utilise its password manager service.
Norton LifeLock offers cybersecurity services
Approximately 6,450 clients whose accounts were compromised, according to Gen Digital, received warnings. Norton LifeLock offers cybersecurity and identity protection services. It’s the most recent instance of customer password theft in recent memory. LastPass, a leading provider of password managers, acknowledged a data breach earlier this year in which hackers gained access to its cloud storage and stole the encrypted password vaults of millions of users.
Passwordstate, a well-known enterprise password management, was hacked in 2021, allowing hackers to spread a malicious software update to users and collect user passwords. However, as long as the necessary safeguards and protections are put in place to minimise the effects of a breach, password managers are still frequently advised by security experts to create and store unique passwords.
Customers received data breach notifications from NortonLifeLock earlier this year, alerting them to successful credential-stuffing assaults on Norton Password Manager accounts.
According to the letter, the attacks resulted from account compromise on other platforms rather than a breach at the organisation.
The notification said that, around December 1, 2022, an attacker tried to hack into Norton customer accounts. The hacker was using username and password pairs they had purchased from the dark web.