Cybersecurity firm NortonLifeLock recently notified customers that hackers had gained access to their Norton Password Manager accounts. However, the company claimed that the attacks were not due to weak security on its systems, but rather due to vulnerabilities on other platforms.
This type of attack is known as a credential stuffing attack, where the attacker obtains data from other sources, such as compromised accounts on other platforms, in order to gain access to the intended target. In this case, Norton detected an unusually high number of failed login attempts on December 12 This usually indicates a credential stuffing attack. An internal investigation revealed that the attack began on December 1, with many accounts successfully compromised.
While the number of accounts affected has not been disclosed, a statement from Gen Digital, the parent company of NortonLifeLock, indicates that approximately 925,000 inactive and active accounts may have been targeted by the attack. Customers have been warned that attackers may have obtained details Stored in private vaults, this could lead to further compromises. The attackers may have also seen the account’s first name, last name, phone number and mailing address.
In response to this attack, Norton reset the passwords for affected accounts and took additional steps to protect against future attacks. The company also advises customers to enable two-factor authentication on their accounts and offers credit monitoring services.
The attack on NortonLifeLock is the latest known incident involving the password lock service. In December, LastPass confirmed a data breach in August involving name addresses and encrypted password data vaults. By late December, it was said that the vaults may have been Only $100.