1000’s of Norton LifeLock prospects had their accounts compromised in current weeks, probably permitting prison hackers entry to buyer password managers, the corporate revealed in a current knowledge breach discover.
In a discover to prospects, Gen Digital, the dad or mum firm of Norton LifeLock, mentioned that the doubtless wrongdoer was a credential stuffing assault — the place beforehand uncovered or breached credentials are used to interrupt into accounts on completely different websites and providers that share the identical passwords — slightly than a compromise of its programs. It’s why two-factor authentication, which Norton LifeLock affords, is really helpful, because it blocks attackers from accessing somebody’s account with simply their password.
The corporate mentioned it discovered that the intruders had compromised accounts way back to December 1, shut to 2 weeks earlier than its programs detected a “giant quantity” of failed logins to buyer accounts on December 12.
“In accessing your account along with your username and password, the unauthorized third get together could have seen your first title, final title, cellphone quantity, and mailing handle,” the information breach discover mentioned. The discover was despatched to prospects that it believes use its password supervisor function, as a result of the corporate can’t rule out that the intruders additionally accessed prospects’ saved passwords.
Gen Digital mentioned it despatched notices to about 6,450 prospects whose accounts had been compromised.
Norton LifeLock offers id safety and cybersecurity providers. It’s the newest incident involving the theft of buyer passwords of late. Earlier this 12 months, password supervisor big LastPass confirmed an information breach through which intruders compromised its cloud storage and stole thousands and thousands of shoppers’ encrypted password vaults. In 2021, the corporate behind a well-liked enterprise password supervisor referred to as Passwordstate was hacked to push a tainted software program replace to its prospects, permitting the cybercriminals to steal prospects’ passwords.
That mentioned, password managers are nonetheless broadly really helpful by safety professionals for producing and storing distinctive passwords, as long as the suitable precautions and protections are put in place to restrict the fallout within the occasion of a compromise.
