Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
NortonLifeLock warns that hackers breached Password Manager accounts
#1
https://www.bleepingcomputer.com/news/se...-accounts/    NortonLifeLock warns that hackers breached Password Manager accounts
By Bill Toulas
January 13, 2023      Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.

According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms.

"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said.

"This username and password combination may potentially also be known to others."

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts.

The firm detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk.

By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts.

In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address — NortonLifeLock

For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults.

Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more.

NortonLifeLock underlines that the risk is especially large for those who use similar Norton account passwords and Password Manager master keys, allowing the attackers to pivot more easily.

The company says it has reset Norton passwords on impacted accounts to prevent attackers from gaining access to them again in the future and also implemented additional measures to counter the malicious attempts.

NortonLifeLock also advises customers to enable two-factor authentication to protect their accounts and take up the offer for a credit monitoring service.

The company is yet to disclose the exact number of people impacted by this incident. BleepingComputer has reached out to NortonLifeLock, and we'll update this post as soon as we hear back.
Reply
#2
Another password manager breached. LastPass has been hit twice.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Bitdefender Password Manager to replace Bitdefender Wallet mrtrout 0 702 04-05-2023 , 10:11 PM
Last Post: mrtrout
  Digital security giant Entrust breached by ransomware gang mrtrout 0 898 07-23-2022 , 12:02 AM
Last Post: mrtrout
  Hackers breached China’s National Games ahead of last year’s competition Mohammad.Poorya 0 1,032 02-04-2022 , 05:27 PM
Last Post: Mohammad.Poorya
  Hackers leak passwords for 500,000 Fortinet VPN accounts mrtrout 0 770 09-08-2021 , 11:11 PM
Last Post: mrtrout
  NortonLifeLock and Avast PLC to merge in $8.4 billion transaction mrtrout 0 676 08-11-2021 , 04:45 AM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)