Data breach notifications are being sent out to customers of Gen Digital (formerly Symantec Corp. and NortonLifeLock) after their Norton Password Manager accounts were breached. Hackers were able to access the accounts through credential-stuffing attacks on the platform.
Credential stuffing is when hackers use bots to take stolen usernames and passwords and try them against thousands of other websites in the hope of gaining access to more victim accounts. This is why it’s exceptionally critical to use strong and unique passwords for every single online account.
The Office of the Vermont Attorney General states that the accounts were compromised through an account on an alternative platform rather than through the company directly. The notice goes on to reveal that the data was purchased on the Dark Web around Dec 1st 2022.
Gen Digital noticed an “unusually large volume” of failed login attempts on Dec 12th and investigated the issue. By Dec 22nd, the company's investigation had confirmed that the attack was successful.
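A spike in failed logins is the usual tell for credential stuffing: one source fails against many different usernames, unlike a forgetful user who fails repeatedly against one. The sketch below is an added example, not Gen Digital's detection logic; the log format, the per-IP grouping, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    # Assumed log format: "<ISO timestamp> <source IP> <username> <OK|FAIL>"
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user.lower(), result == "OK"

def detect_stuffing(lines, window=timedelta(minutes=10), min_users=5):
    """Return (flagged_ips, accounts_to_reset).

    An IP is flagged when, inside a sliding time window, it has failed
    logins against at least `min_users` distinct usernames.
    """
    events = sorted(parse(l) for l in lines if l.strip())
    recent = defaultdict(deque)  # ip -> failures (ts, user) still in window
    flagged = set()
    for ts, ip, user, ok in events:
        if ok:
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len({u for _, u in q}) >= min_users:
            flagged.add(ip)
    # A successful login from a flagged source means a reused password
    # worked: that account needs a forced password reset.
    to_reset = {user for _, ip, user, ok in events if ok and ip in flagged}
    return flagged, to_reset

# Constructed sample: one source sprays six usernames and gets one hit;
# another source is a single user mistyping a password before succeeding.
SAMPLE = [f"2022-12-12T09:00:{i:02d} 203.0.113.7 user{i}@example.com FAIL"
          for i in range(6)]
SAMPLE += [
    "2022-12-12T09:00:30 203.0.113.7 dana@example.com OK",
    "2022-12-12T09:01:00 198.51.100.20 bob@example.com FAIL",
    "2022-12-12T09:01:10 198.51.100.20 bob@example.com FAIL",
    "2022-12-12T09:01:20 198.51.100.20 bob@example.com OK",
]

if __name__ == "__main__":
    ips, accounts = detect_stuffing(SAMPLE)
    print("flagged sources:", ips)
    print("accounts to reset:", accounts)
```

Real campaigns often spread attempts across many source addresses, so a production rule would also group by other signals than IP alone.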
"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said. “In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address.”
While Norton has already reset passwords on impacted accounts and urged customers to set up multifactor authentication, they stress that personal vaults may be compromised. This means that customers may have had their private data for other online accounts revealed to hackers and stolen during the attack.
They are offering credit monitoring services to those affected.
This breach comes in the wake of LastPass’s cyber attack and breach. Read our previous blog post about it: “It’s time to leave LastPass after Cyber Attack Severity Downplayed; Class Action Lawsuit Filed”.
Cybersecurity Tips:
- Change your passwords regularly and use strong, unique passwords for every online site.
- Use 2-factor or multi-factor authentication.
- Antivirus and malware-scanning programs are a must on all devices that have access to the internet.
- Regularly scan devices for viruses and malware.
- Do not access financial or banking accounts on public Wi-Fi or unsecured networks.
- Regularly monitor your banking accounts and credit reports for unauthorized activity.
- Properly wipe all data from devices before junking, donating, or selling them.