Customers of NortonLifeLock are being notified that Norton Password Manager accounts have been breached by attackers using credentials taken from breaches of accounts on other platforms.
The notifications to customers of NortonLifeLock advise that hackers are successfully gaining access to Norton Password Manager accounts. However, it is claimed that the attacks were not caused by weak security in the Norton Password Manager systems, but instead via a third-party platform.
"Our own systems were not compromised. However, we strongly believe that an unauthorized third-party knows and has utilized your username and password for your account," the firm said in notices to customers, according to a letter sample shared with the Office of the Vermont Attorney General seen by BleepingComputer.
Specifically, the breach is known as a credential-stuffing attack, where an attacker acquires credentials from other sources, such as account compromises on other platforms, and replays them in an attempt to gain access to the intended target.
In this instance, Norton detected an "unusually large volume" of failed login attempts on December 12, which usually indicates a credential-stuffing attack. An internal investigation that ran until December 22 discovered that the attacks had started on December 1, and that a number of accounts were successfully compromised.
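The detection signal described above, a spike in failed logins spread across many different accounts, can be checked in authentication logs. The following is an added example, not code from the article or from Norton; the log format, field names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication events (usernames, IPs and outcomes are
# made up for this example; they are not data from the Norton incident).
SAMPLE_LOG = """\
2022-12-12T10:00:01 alice 203.0.113.5 FAIL
2022-12-12T10:00:02 bob 203.0.113.5 FAIL
2022-12-12T10:00:02 carol 203.0.113.5 FAIL
2022-12-12T10:00:03 dave 203.0.113.5 SUCCESS
2022-12-12T10:00:04 erin 203.0.113.5 FAIL
2022-12-12T10:00:05 frank 203.0.113.5 FAIL
2022-12-12T10:00:06 grace 203.0.113.6 FAIL
2022-12-12T10:00:07 heidi 203.0.113.6 FAIL
2022-12-12T10:00:09 judy 203.0.113.6 SUCCESS
2022-12-12T11:30:00 alice 198.51.100.7 FAIL
2022-12-12T11:30:05 alice 198.51.100.7 FAIL
2022-12-12T11:30:09 alice 198.51.100.7 SUCCESS
"""

def parse_events(log: str):
    """Parse assumed 'timestamp user src_ip RESULT' lines into tuples."""
    events = []
    for line in log.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events

def window_start(ts: datetime, minutes: int) -> datetime:
    """Floor a timestamp to the start of its fixed-size minute window."""
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0)

def detect_stuffing(events, window_minutes=5, fail_threshold=5, min_distinct_ratio=0.8):
    # Brute force hammers one account; credential stuffing replays a leaked list,
    # so failures spread across many distinct usernames. Flag a window when the
    # failure count exceeds the baseline AND most failures hit different accounts;
    # successful logins in that window are candidates for a forced password reset.
    fails, successes = defaultdict(list), defaultdict(set)
    for ts, user, ip, result in events:
        w = window_start(ts, window_minutes)
        (fails[w].append(user) if result == "FAIL" else successes[w].add(user))
    alerts = []
    for w, users in sorted(fails.items()):
        distinct = len(set(users))
        if len(users) >= fail_threshold and distinct / len(users) >= min_distinct_ratio:
            alerts.append({"window": w.isoformat(), "failures": len(users),
                           "distinct_accounts": distinct,
                           "succeeded_accounts": sorted(successes[w])})
    return alerts
```

The 11:30 window (one account, repeated failures) is not flagged; the 10:00 window is, and the accounts that logged in successfully during it are the ones to reset.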
While the number of affected accounts was not revealed, a statement from NortonLifeLock parent company Gen Digital revealed that approximately 925,000 inactive and active accounts could have been targeted in the attack.
Customers are warned in the notification that attackers may have obtained details stored in private vaults, which could lead to further compromises. Attackers may also have seen the account's first name, last name, phone number, and mailing address.
Norton has since reset passwords on impacted accounts, introduced additional measures to fend off attacks, and advises customers to enable two-factor authentication on their accounts. It also offers a credit monitoring service.
The NortonLifeLock attack is the latest publicly known incident involving password manager services.
In December, LastPass confirmed that an August data breach involved names, addresses, and encrypted password data vaults. By late December, it was claimed that the vaults were potentially crackable for just $100.
15 Comments
So far it looks like 1Password with their inclusion of a locally-created secret key along with your username and password is the most secure option for managing your password.
"...a statement from NortonLifeLock parent company Gen Digital revealed that approximately 925,000 inactive and active accounts could've been targeted in the attack." Glad I haven't used Norton on personally owned computers. Also, haven't used anything Norton in more than 10+ years on company owned computers (used competing brands during that timeframe). Never used 1Password (or any other 3rd party password manager). May be a good argument to phase out passwords in favor of passkeys (will start investigating passkeys).
Have noticed a large increase in spam emails starting about a week before Christmas. Wondering if a different database was hacked, or some company or companies running low on cash has been selling email addresses in a bid to make money.
Password re-use is the most likely vector for the ne'er-do-wells gaining access to the NortonLifeLocker systems. Which makes it painfully obvious that a large portion of the userbase does not and will never understand the point of a password manager.
So this occurred because a third party platform had been hacked? I wonder what that platform was?
I think this is going to be more common when we get more app stores with less oversight. Welcome to your future Europe. Also don’t use LifeLock, if its CEO can be hacked so can you.
https://www.wired.com/2010/05/lifelock-identity-theft/