NortonLifeLock notifies thousands of users about compromised Password Manager accounts

NortonLifeLock notifies thousands of users about compromised Password Manager accounts

Image:
NortonLifeLock notifies thousands of users about compromised Password Manager accounts

Attackers used login details obtained from third-party platforms

Thousands of NortonLifeLock customers have received a warning from parent company Gen Digital, notifying them that hackers have successfully compromised Norton Password Manager accounts using credential-stuffing attacks.

In a letter shared with the Office of the Vermont Attorney General, the firm said that the attacks were the consequence of a breach of a third-party platform rather than a breach at NortonLifeLock. Actors gained access to the intended target after obtaining data from other sources, such as from compromised accounts on other platforms, in a so-called credential stuffing attack.

"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," Gen Digital's notification said. "This username and password combination may potentially also be known to others."

On 12th December, Gen Digital discovered an unusual amount of unsuccessful login attempts. An internal investigation that concluded on 22nd December revealed that the attacks had begun on 1st December, using username password combinations presumably acquired in bulk elsewhere, and that many accounts had been successfully breached.

Gen Digital alerted users that further compromises would result if attackers were able to access information from private vaults. It has not stated how many accounts may have been affected.

The first name, last name, phone number and postal address of any Norton accounts may have been visible to the attackers. Users who deploy identical Norton account passwords and Password Manager master keys are particularly at risk.

The firm says it has changed the Norton passwords on the affected accounts to make it more difficult for attackers to access them in the future, and has also put extra safeguards in place to thwart the nefarious attempts.

NortonLifeLock suggests users set two-factor authentication to secure their accounts, and take advantage of a credit monitoring service provided.

Password managers and IAM are a prime target

This is just the latest in a long line of incidents involving the theft of consumer credentials.

Identity and access management systems and password managers have recently been a target for attackers, since a single hack may unleash a veritable treasure trove of data across high-value accounts.

LastPass was the subject of an impersonation attack in August 2022, which allowed hackers to infiltrate its development environment and steal source code and customer information. The company experienced a follow-up attack last month on a cloud storage bucket it utilises.

In March last year, Okta said that hackers had gained access to a back-end administrative panel used by the company for managing clients and other things by using the system of a third-party customer support engineer. Around 366 customers were affected, with two real data breaches happening.

In 2021, Passwordstate, a well-known business password manager, was hacked, enabling hackers to spread a malicious software update to users and steal their credentials.