Norton LifeLock has announced that a large number customer accounts have been affected by a breach.
A customer notice from Gen Digital, Norton’s parent company, claimed that the breach was likely the result of a credential stuffing attack, where threat actors use lists of previously exposed passwords to hack into numerous accounts used by victims, on the presumption that they will have used the same password for multiple services.
On December 12 2022, Gen Digital said that it received a large number of failed login attempts, tipping it off to the attack. It believes that compromised accounts dated back to December 1.
Passwords at risk
Given the fact that many admit to reusing the same passwords for various accounts, these attacks can be quite effective.
The notices were sent to over 6,000 customers whose accounts had been hacked. Gen Digital stated that hackers may have ascertained personal information from hacking into customer accounts, such as names, phone numbers and addresses. Passwords stored using the password manager feature may also have been accessed, with Gen Digital cautioning this could not be ruled out.
LifeLock is an identify theft protection platform by Norton, the company best known for its once market leading antivirus software. It also comes bundled with the company’s security suite Norton 360.
As Gen Digital itself recommends, multi-factor authentication is essential for keeping safe, by making sure it is actually you who is trying to access your account. It works by sending a verification prompt or code to another one of your devices, such as your smartphone, via SMS or a dedicated authenticator app, when a login is attempted on your account.
LifeLock’s password manager isn’t alone in suffering a potential breach. LastPass has been having a torrid time since its customer’s password vaults were stolen last year, despite assuring customers that the passwords remained encrypted.
- For optimum security, you should consider using the best firewall