1000’s of Norton LifeLock clients had their accounts compromised in current weeks, probably permitting legal hackers entry to buyer password managers, the corporate revealed in a current knowledge breach discover.
In a discover to clients, Gen Digital, the guardian firm of Norton LifeLock, stated that the seemingly offender was a credential stuffing assault — the place beforehand uncovered or breached credentials are used to interrupt into accounts on completely different websites and providers that share the identical passwords — fairly than a compromise of its techniques. It’s why two-factor authentication, which Norton LifeLock presents, is really helpful, because it blocks attackers from accessing somebody’s account with simply their password.
The corporate stated it discovered that the intruders had compromised accounts way back to December 1, shut to 2 weeks earlier than its techniques detected a “massive quantity” of failed logins to buyer accounts on December 12.
“In accessing your account along with your username and password, the unauthorized third occasion could have seen your first identify, final identify, telephone quantity, and mailing deal with,” the information breach discover stated. The discover was despatched to clients that it believes use its password supervisor characteristic, as a result of the corporate can’t rule out that the intruders additionally accessed clients’ saved passwords.
Gen Digital stated it despatched notices to about 6,450 clients whose accounts had been compromised.
Norton LifeLock gives identification safety and cybersecurity providers. It’s the newest incident involving the theft of buyer passwords of late. Earlier this 12 months, password supervisor big LastPass confirmed a knowledge breach by which intruders compromised its cloud storage and stole hundreds of thousands of consumers’ encrypted password vaults. In 2021, the corporate behind a preferred enterprise password supervisor known as Passwordstate was hacked to push a tainted software program replace to its clients, permitting the cybercriminals to steal clients’ passwords.
That stated, password managers are nonetheless extensively really helpful by safety professionals for producing and storing distinctive passwords, as long as the suitable precautions and protections are put in place to restrict the fallout within the occasion of a compromise.
