Hackers Breach Norton Password Manager Accounts
According to the latest reports, NortonLifeLock has recently warned a few customers that Norton Password Manager accounts are being breached by hackers. Moreover, it is being said that they performed via breaches of accounts on other platforms.Norton Password Manager Accounts HACKED!!!
Reports claim that the notifications to customers of NortonLifeLock clearly state that hackers are successfully gaining access to Norton Password Manager accounts. Furthermore, it is claimed that the attacks were not caused by weak security in the Norton Password Manager systems, but, instead via a third-party platform. According to a letter sample shared with the Office of the Vermont Attorney General, the firm stated in notices to customers:
The point worth mentioning here is that the breach is known as a credential-stuffing attack. In such attacks, an attacker acquires data from other sources, such as account compromises on other platforms in order to try and gain access to the intended target. If we talk about the recent case, Norton detected an “unusually large volume” of failed login attempts on December 12 which clearly indicates attempts at credential stuffing attacks. Moreover, an internal investigation was carried out that ran until December 22. It was discovered that the attacks started on December 1 in which a great number of accounts were successfully compromised.
There had been no words regarding the number of affected accounts. However, a statement from NortonLifeLock’s parent company Gen Digital recently revealed that approximately 925,000 inactive and active accounts are expected to be targeted in the attack. The company has warned customers in the notification that attackers may have gotten their hands on details stored in private vaults, which could lead to further compromises. Hackers may also have seen the account’s first name, last name, phone number, and mailing address, etc.
Since then, Norton has reset passwords on impacted accounts. In addition to that, it has introduced additional measures to fend off attacks and advises customers to enable two-factor authentication on their accounts as well. The use of a credit monitoring service is also being offered.