This is likely the cause of the breach, some users may have used the same password that they used as their Norton Password Manager's master password, with accounts on other sites which may have been compromised and later sold.īased on this, NortonLifeLock may not be the one to blame entirely for this data breach, because customers used weak passwords. The company noted that the risk of user accounts being stolen is higher when people use the same password for multiple accounts, including Norton customer account and the master password. So anything from personal notes, addresses, or other sensitive data, could have been stolen. This is where it gets even more serious, Norton warns that the hackers may have also gained access stored in the private vaults of Norton Password Manager. NortonLifeLock has warned users that the breach may have resulted in the attackers viewing the user's first and last names, phone number and mailing address. Unlike brute force attacks where hackers try to guess the passwords of accounts, credential stuffing is a way of injecting already stolen passwords to gain access to accounts. It concluded the investigation on December 22nd, arriving at a conclusion that hackers had used credential stuffing attacks to compromise an unknown number of user accounts. The company detected an unusually high volume of failed login attempts on December 12th, which it began investigating. NortonLifeLock states that hackers bought stolen credentials from the dark web, and attempted to use the data to log in to Norton customer accounts around December 1, 2022. So, how did the attackers gain access to the accounts? I managed to access a cached version of the page, but was unable to download the PDF available there to view the statement. Note: The source link doesn't seem to work anymore. This username and password combination may potentially also be known to others." However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account. This is what the company had this to say in a letter shared with the Office of the Vermont Attorney General: The threat actors then used the code to breach the company's servers and gained access to the storage servers, which in turn led to the password vaults of users being stolen. In the case of the latter, it was an issue related to the company's own security systems, first some account(s) belonging to the developer environment were hacked, which led to some stolen code. The Norton Password Manager breach is quite different compared to LastPass'. Interestingly, almost exactly a year ago, Norton found itself in the news for the wrong reasons, when Norton 360 Antivirus was discovered to install a crypto miner. Gen Digital (formerly called as Symantec and NortonLifeLock), owns the Norton brand of products, along with Avast, AVG, Avira, CCleaner, to name a few. Other names may be trademarks of their respective owners.NortonLifeLock says some user accounts were stolen The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. Alexa and all related logos are trademarks of, Inc. App Store is a service mark of Apple Inc. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Firefox is a trademark of Mozilla Foundation. or its affiliates in the United States and other countries. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. LifeLock identity theft protection is not available in all countries.Ĭopyright © 2023 NortonLifeLock Inc. The Norton and LifeLock Brands are part of NortonLifeLock Inc.
0 Comments
Leave a Reply. |