NortonLifeLock warns of password manager breach after failing to reject mass login attempts
Credential stuffing attack could impact thousands of accountsBy Alfonso Maruccia 7 comments
A hot potato: Gen Digital, the security business formerly known as Symantec and NortonLifeLock, is sending security alarms to customers of the Norton Password Manager service. According to the company, an unauthorized third-party has possibly accessed Norton accounts, which has not come from a breach in their systems but a credential stuffing attack.
Credential stuffing is a type of attack where a malicious actor collects huge troves of stolen credentials, usually comprising usernames, emails and/or passwords from previous data breaches from other services. The hackers use these stolen credentials to try and gain unauthorized access to user accounts on other platforms -- assuming the user has reused the same passwords -- by executing large-scale automated login attempts against a web or remote application.
Using two-factor authentication usually helps in preventing this type of attack, which NortonLifeLock offers, as it would prevent hackers from accessing an account with just a password.
NortonLifeLock completed an internal investigation around December 22, 2022, discovering an "unusually large volume" of failed login attempts to customer accounts on December 12, 2022. The investigation determined that, beginning around December 1, 2022, a malicious actor was using a list of usernames and passwords obtained from other sources such as illegal marketplaces on the "dark web."
A security breach note was sent to Norton clients that indicating that they "strongly believe that an unauthorized third party knows and has utilized your username and password for your account." The Arizona-based corporation states that 925,000 "inactive and active" Norton accounts could have been targeted by credential-stuffing attacks.
Upon a successful login attempt, NortonLifeLock warns, cyber-criminals may have viewed "your first name, last name, phone number, and mailing address." For customers using the Norton Password Manager, Norton says it cannot rule out the potential breach of additional details and data stored there -- "especially if your Password Manager key is identical or very similar to your Norton account password," the company warns.
To protect users and to avoid further credential stuffing attacks, NortonLifeLock has reset the affected Norton accounts and has taken "numerous measures" to counter hackers' efforts. The company is strongly encouraging users to activate two-factor authentication, and it's offering a free credit monitoring service (Equifax, Experian or TransUnion) to affected users.
Norton also recommends all users to urgently change their passwords for all accounts they had stored on the password manager. Password hygiene is paramount, NortonLifeLock says, therefore users should change passwords on a regular basis, avoid using the same password more than once, and only use unique and complex passwords.