Hundreds of Norton LifeLock prospects had their accounts compromised in latest weeks, doubtlessly permitting prison hackers entry to buyer password managers, the corporate revealed in a latest information breach discover.
In a discover to prospects, Gen Digital, the mum or dad firm of Norton LifeLock, stated that the probably offender was a credential stuffing assault — the place beforehand uncovered or breached credentials are used to interrupt into accounts on totally different websites and companies that share the identical passwords — fairly than a compromise of its programs. It’s why two-factor authentication, which Norton LifeLock gives, is beneficial, because it blocks attackers from accessing somebody’s account with simply their password.
The corporate stated it discovered that the intruders had compromised accounts way back to December 1, shut to 2 weeks earlier than its programs detected a “massive quantity” of failed logins to buyer accounts on December 12.
“In accessing your account along with your username and password, the unauthorized third occasion could have seen your first identify, final identify, telephone quantity, and mailing handle,” the information breach discover stated. The discover was despatched to prospects that it believes use its password supervisor function, as a result of the corporate can not rule out that the intruders additionally accessed prospects’ saved passwords.
Gen Digital stated it despatched notices to about 6,450 prospects whose accounts had been compromised.
Norton LifeLock offers identification safety and cybersecurity companies. It’s the most recent incident involving the theft of buyer passwords of late. Earlier this yr, password supervisor big LastPass confirmed an information breach wherein intruders compromised its cloud storage and stole hundreds of thousands of consumers’ encrypted password vaults. In 2021, the corporate behind a preferred enterprise password supervisor referred to as Passwordstate was hacked to push a tainted software program replace to its prospects, permitting the cybercriminals to steal prospects’ passwords.
That stated, password managers are nonetheless extensively beneficial by safety professionals for producing and storing distinctive passwords, as long as the suitable precautions and protections are put in place to restrict the fallout within the occasion of a compromise.