Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.
According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach of the company's systems but from account compromise on other platforms.
"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said.
"This username and password combination may potentially also be known to others."
More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts.
The firm detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk.
By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts.
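The signal described above, a burst of failed logins spread across many accounts, can be checked for in authentication logs. The following is an added example, not code from NortonLifeLock or the original article; the event format, thresholds, IP addresses and usernames are all constructed for illustration.

```python
from collections import defaultdict

def sample_events():
    """Constructed auth events: (second, source_ip, username, outcome)."""
    events = []
    # One source walks through ten different accounts, one password each.
    for i in range(10):
        outcome = "ok" if i == 3 else "fail"
        events.append((i, "203.0.113.7", f"user{i}@example.com", outcome))
    # A legitimate user mistypes a password twice, then gets in.
    for sec, outcome in ((20, "fail"), (25, "fail"), (31, "ok")):
        events.append((sec, "198.51.100.20", "alice@example.com", outcome))
    # A shared office NAT: many accounts, but every login succeeds.
    for i in range(6):
        events.append((40 + i, "192.0.2.50", f"staff{i}@example.com", "ok"))
    return events

def find_stuffing_sources(events, min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts and mostly fail.

    Brute force hits one account many times; credential stuffing hits
    many accounts a few times each, so the key is distinct usernames.
    Thresholds are illustrative assumptions, not vendor values.
    """
    users = defaultdict(set)
    fails = defaultdict(int)
    total = defaultdict(int)
    for _sec, ip, user, outcome in events:
        users[ip].add(user)
        total[ip] += 1
        fails[ip] += outcome == "fail"
    return {
        ip for ip in total
        if len(users[ip]) >= min_users
        and fails[ip] / total[ip] >= min_fail_ratio
    }

def accounts_to_reset(events, sources):
    """Accounts where a flagged source logged in successfully."""
    return sorted({
        user for _sec, ip, user, outcome in events
        if ip in sources and outcome == "ok"
    })

if __name__ == "__main__":
    evts = sample_events()
    flagged = find_stuffing_sources(evts)
    print("stuffing sources:", flagged)
    print("force reset for:", accounts_to_reset(evts, flagged))
```

The successful logins from a flagged source are the ones that matter for response: those credentials worked, so those accounts need a password reset rather than just a block on the source.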
"In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address," the NortonLifeLock notice reads.
For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults.
Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more.
NortonLifeLock underlines that the risk is especially large for those who use similar Norton account passwords and Password Manager master keys, allowing the attackers to pivot more easily.
The company says it has reset Norton passwords on impacted accounts to prevent attackers from gaining access to them again in the future and also implemented additional measures to counter the malicious attempts.
NortonLifeLock also advises customers to enable two-factor authentication to protect their accounts and take up the offer for a credit monitoring service.
The company is yet to disclose the exact number of people impacted by this incident. BleepingComputer has reached out to NortonLifeLock, and we'll update this post as soon as we hear back.
Update 1/14 - A Gen Digital spokesperson has sent BleepingComputer the following comment:
Gen’s family of brands offers products and services to approximately 500 million users. We have secured 925,000 inactive and active accounts that may have been targeted by credential-stuffing attacks.
Our top priority is to help our customers secure their digital lives. Our security team identified a high number of Norton account login attempts indicating credential-stuffing attacks targeting our customers, and we quickly took a variety of actions to help secure our customers’ accounts and their personal information. Systems have not been compromised, and they are safe and operational, but it is all too commonplace in today’s world for bad actors to take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts.
We have been monitoring closely, flagging accounts with suspicious login attempts and proactively requiring those customers to reset their passwords upon login along with additional security measures to protect our customers. We continue to work with our customers to help them secure their accounts and personal information.
Comments
jbcomm07 - 1 year ago
I am so glad that I never used this crap from Norton!
GT500 - 1 year ago
LifeLock? Isn't that the same company whose CEO had his identity stolen 9 times, and each time he didn't hear about it until the police showed up at his door to ask him to sign the report? At least until Symantec bought them out and tacked their name onto the end of Norton's, because... marketing...
TsVk! - 1 year ago
Symantec bought Norton in 1990. Before that Norton didn't even offer security solutions, just DOS utilities.
GT500 - 1 year ago
It's been a while, but I'm pretty certain that Norton Anti-Virus existed before Symantec purchased the company (I remember knowing people who talked about using it before Symantec bought Norton).
Anyway, not certain what any of that has to do with LifeLock.
TsVk! - 1 year ago
You don't have to be pretty certain, you can just search it up mate. ¯\_(ツ)_/¯
GT500 - 1 year ago
I checked the Wikipedia article. The way it's written, you could assume Norton Anti-Virus existed before Symantec bought them out, but I didn't see an initial release date vs a date of merger/acquisition/whatever. Considering how old Norton is, and how long ago Symantec bought them out, I don't feel like trying to find old announcements that may or may not exist anymore to see if I can figure out the dates for myself.
Still doesn't have anything to do with LifeLock though.
lonegull - 1 year ago
LifeLock, Lock yourself into a Life time of being hacked! Gen Digital is an umbrella company for LifeLock, Norton, CCleaner, Avast, AVG...etc. If they can secure inactive accounts to prevent this attack, then their system(s) have been affected. The credentials stolen get the hackers into LifeLock/Norton system(s) to access the vaults, it isn't the users' PCs being hacked. Corporate double talk!