Norton LifeLock said a large number of customer accounts were affected by the breach.
A customer notification from Gen Digital, Norton’s parent company, stated that the breach was likely the result of a credential stuffing attack where cybercriminals use lists of previously leaked passwords to break into numerous accounts used by victims, assuming they will use this same password for multiple services.
On December 12, 2022, Gen Digital reported that it had received a large number of failed login attempts, prompting the attack. He believes the compromised accounts were from December 1.
Passwords at risk
Given the fact that many admit to reusing the same passwords for different accounts, these attacks can be quite effective.
Notifications were sent to over 6,000 customers whose accounts had been hacked. Gen Digital said that hackers may have ascertained personal information when hacking into customer accounts, such as names, phone numbers and addresses. Passwords stored using the password manager feature could also have been accessed, and Gen Digital warns that this cannot be ruled out.
LifeLock is the identity theft protection platform from Norton, the company best known for its once-leading antivirus software. It also comes bundled with the company’s Norton 360 security suite.
As Gen Digital itself recommends, multi-factor authentication is essential to keeping you safe by making sure you’re the one trying to access your account. It works by sending a verification prompt or code to another device, such as a smartphone, via SMS or a dedicated authenticator app when you try to log into your account.
LifeLock Password Manager is not alone in the event of a potential breach. LastPass has had a hard time since its customers’ password vaults were stolen last year, despite customers’ assurances that their passwords remained encrypted.
- For optimal security, consider using the best firewall