Users personal information including passwords has been stolen from Norton

Users’ personal information, including passwords, has been stolen from Norton Password Manager

NortonLifeLock announced that attackers managed to compromise the accounts of thousands of Norton Password Manager users over the past few weeks. The company is currently sending out notifications to customers affected by this incident.

According to reports, the incident was not due to a vulnerability in the company’s IT systems or software. The notification states that the attackers carried out a massive credential spoofing attack, ie attempted to log into the password manager using credentials from third-party sources, possibly as part of other information leaks. To put it simply, the attackers tested the possibility of authorization in Norton Password Manager with user data from other accounts.

It is noted that such an attack was impossible to carry out if all password manager users used the two-factor authentication feature, which does not allow access to data with only a password. Regarding the incident, it is said that on December 12, Norton specialists registered an unusually large number of unsuccessful attempts to authorize the system. An internal investigation conducted after the attackers’ actions were identified found that the first credential replacement attacks began on December 1st.

According to the source, Gen Digital, a subsidiary of NortonLifeLock, sent out 6,450 notifications to customers whose accounts were affected by this incident. Another source reports that the attackers may have targeted around 925,000 of the company’s active and inactive customer accounts. Customers have been informed that attackers may have accessed usernames and passwords, as well as personal information such as full names, phone numbers, and email addresses. The company strongly recommends users to use two-factor authentication to avoid similar incidents in the future.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment