NortonLifeLock warns that hackers breached Password Manager accounts

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.

According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms.

"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said.

"This username and password combination may potentially also be known to others."

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts.

The firm detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk.

By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts.

In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address — NortonLifeLock

For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults.

Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more.

NortonLifeLock underlines that the risk is especially large for those who use similar Norton account passwords and Password Manager master keys, allowing the attackers to pivot more easily.

The company says it has reset Norton passwords on impacted accounts to prevent attackers from gaining access to them again in the future and also implemented additional measures to counter the malicious attempts.

NortonLifeLock also advises customers to enable two-factor authentication to protect their accounts and take up the offer for a credit monitoring service.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
not good to have Norton Password Manager at the moment :)

"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account"

This isnt Norton fault, recently there were some password leaks and people like to use the same password in many services, so the criminals are using the leaked credentials to try to log in password managers, those attacks probably are happening with other providers too.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on the activity on Dec. 12, when its IDS systems flagged "an unusually high number of failed logins" on Norton accounts. After a 10-day investigation, it turns out that the activity stretched back to Dec. 1, the company said.

While Gen Digital didn't say how many of the accounts were compromised, it did caution customers that the attackers were able to access names, phone numbers, and mailing addresses from any Norton accounts where they were successful.

 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Gen Digital, the parent company of Norton LifeLock, said that the likely culprit was a credential stuffing attack — where previously exposed or breached credentials are used to break into accounts on different sites and services that share the same passwords — rather than a compromise of its systems. It’s why two-factor authentication, which Norton LifeLock offers, is recommended, as it blocks attackers from accessing someone’s account with just their password.

The company said it found that the intruders had compromised accounts as far back as December 1, close to two weeks before its systems detected a “large volume” of failed logins to customer accounts on December 12.

" Likely culprit " is hopefully for themselves the correct assessment here, unless we in a month or so start being presented with more, issues. Will be interesting to see any class action lawsuits in this case, as the customer disclosure seems a bit slow poke. The previous pdf link with the notification from Nortonlifelock has also for some reason been deleted, but is available on the web archive:
 

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
516
After the LastPass and Norton LifeLock breach, I suggest doing no longer rely on any online password manager
 
  • Like
Reactions: [correlate]

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
After the LastPass and Norton LifeLock breach, I suggest doing no longer rely on any online password manager
LsstPass is a real breach, no longer recommended, but Norton was a victim of credential stuffing.
Credential stuffing is a cyber-attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service.
So that is not a breach.
While I do not use Norton, I don't think it is unsafe to use them, based on this attack.
It’s why two-factor authentication, which Norton LifeLock offers, is recommended, as it blocks attackers from accessing someone’s account with just their password.
If you use any important online account, like an online passwordmanager, use two-factor authentication for it.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top