NortonLifeLock warns thousands of Password Manager accounts accessed by hackers
NortonLifeLock warns thousands of Password Manager accounts accessed by hackers

Data breach notifications are being sent out to customers of Gen Digital (formerly Symantec Corp. And NortonLifeLock) after their Norton Password Manager accounts were breached. Hackers successfully were able to access the accounts through credential-stuffing attacks on the platform. 

Credential stuffing is when hackers use bots to take stolen usernames and passwords and try them against thousands of other websites in hopes to gain access to more victim accounts. This is why it’s exceptionally critical to use strong and unique passwords for every single online account.  

The Office of the Vermont Attorney General states that the accounts were able to be compromised through an account on an alternative platform rather than the company directly. The notice goes on to reveal that the data was purchased on the Dark Web around Dec 1st 2022.  

Gen Digital noticed an “unusually large volume” of failed login attempts on Dec 12th and investigated the issue. By Dec 22nd the company confirmed in their investigation that the attack had been successful.

"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said. “In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address.”

While Norton has already reset passwords on impacted accounts and urged customers to install multifactor authentication, they stress that personal vaults may be compromised. This means that customers may have their private data for other online accounts revealed to hackers and stolen during the attack.  

They are offering credit monitoring services to those affected.  

This breach comes in the wake of LastPass’s cyber attack and breach. Read our previous blog about it here: It’s time to leave LastPass after Cyber Attack Severity Downplayed; Class Action Lawsuit Filed | Motiva Networks Blog

 

Cybersecurity Tips: 

We at Motiva Networks can help you plan and see if your data has been compromised with a Free Confidential Cybersecurity Risk Assessment. Or you can schedule a quick 10-minute call to discuss the best options for your Agency or small business, or go over any questions you might have HERE. 
Walter-Contreras

Related blogs