According to a recent data breach alert from the firm, thousands of Norton LifeLock customers had their accounts hijacked in recent weeks, potentially giving criminal hackers access to their password managers.
In a notice to customers, Gen Digital, the parent company of Norton LifeLock, stated that a credential stuffing attack was more likely to be to blame than a system compromise. In this type of attack, credentials that have already been compromised or exposed are used to access accounts on various websites and services that use the same passwords. Because it prevents attackers from accessing a user’s account with just their password, two-factor authentication, which Norton LifeLock provides, is advised.
The business claimed that it discovered the accounts had been compromised as early as December 1, around two weeks before its systems discovered a “high volume” of unsuccessful login attempts to client accounts on December 12.
The data breach report stated that “by logging into your account with your username and password, the unauthorized third party may have seen your first name, last name, phone number, and mailing address.” Because the firm cannot completely rule out the possibility that the intruders also acquired the customers’ saved passwords, the alert was delivered to customers who it suspects utilize its password manager service.
Approximately 6,450 clients whose accounts were compromised, according to Gen Digital, received warnings.
Identity theft protection and cybersecurity services are offered by Norton LifeLock. It’s the most recent instance of password theft from customers in recent memory. LastPass, a leading provider of password managers, acknowledged a data breach earlier this year in which hackers gained access to its cloud storage and stole the encrypted password vaults of millions of users. Passwordstate, a well-known enterprise password management, was hacked in 2021, allowing hackers to spread a malicious software update to users and collect passwords from users.
However, as long as the necessary safeguards and protections are put in place to minimize the effects of a breach, password managers are still frequently advised by security experts for creating and storing unique passwords.