Norton LifeLock has announced that a large number of customer accounts have been affected by a hack.
A customer notice from Gen Digital, Norton’s parent company, claimed that the breach was likely the result of a credential stuffing attack, in which threat actors use previously exposed lists of passwords to compromise multiple accounts used by victims, assuming they would use the same password. Traffic for multiple services.
On December 12, 2022, Gen Digital said it had received a large number of failed login attempts, prompting it to attack. It believes the hacked accounts date back to December 1st.
Passwords are at risk
Considering the fact that many admit to reusing the same passwords for different accounts, these attacks can be very effective.
Notifications were sent to more than 6,000 customers whose accounts were hacked. Gen Digital reported that the hackers may have ascertained personal information from hacked customer accounts, such as names, phone numbers, and addresses. Passwords stored using the password manager feature may also have been accessed, with Gen Digital warning this cannot be ruled out.
LifeLock is an identity theft protection platform from Norton, the company best known for its market-leading antivirus software. It also comes bundled with the company’s Norton 360 security suite.
As Gen Digital itself recommends, multi-factor authentication is essential to maintaining security, by making sure that you are in fact the one trying to access your account. It works by sending a prompt or verification code to another of your devices, such as your smartphone, via SMS or a dedicated authentication app, when you try to log into your account.
LifeLock’s password manager isn’t alone in suffering from a potential breach. LastPass has had a tough time since its customers’ password lockers were stolen last year, despite reassuring customers that passwords remained encrypted.
- For optimal security, you should consider using the best firewall