A hot potato: Gen Digital, the security company formerly known as Symantec and NortonLifeLock, is sending security alerts to customers of the Norton Password Manager service. According to the company, an unauthorized third party has potentially accessed Norton accounts, not through a breach of its systems but through a credential stuffing attack.
Credential stuffing is a type of attack in which a malicious actor collects large troves of stolen credentials, usually comprising usernames, emails and/or passwords from earlier data breaches at other services. The hackers then use these stolen credentials to try to gain unauthorized access to user accounts on other platforms, assuming the user has reused the same passwords, by running large-scale automated login attempts against a web or remote application.
Two-factor authentication, which NortonLifeLock offers, usually helps prevent this type of attack, as it stops hackers from accessing an account with only a password.
NortonLifeLock completed an internal investigation around December 22, 2022, finding an “unusually massive quantity” of failed login attempts to customer accounts on December 12, 2022. The investigation determined that, beginning around December 1, 2022, a malicious actor was using a list of usernames and passwords obtained from other sources, such as illegal marketplaces on the “dark web.”
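The pattern described above (one source failing against many different accounts in a short time) can be separated from ordinary login noise with a simple counter. This is an added example, not code from Norton or from the original article; the log tuple format, the per-IP tumbling window and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def make_sample_events():
    """Constructed login log: (timestamp, source_ip, username, success)."""
    t0 = datetime(2022, 12, 12, 9, 0, tzinfo=timezone.utc)
    events = []
    # One source walks a username list: 40 accounts, one try each, 2 reused passwords work.
    for i in range(40):
        events.append((t0 + timedelta(seconds=5 * i), "203.0.113.10", f"user{i}", i in (7, 23)))
    # A legitimate user mistypes twice, then gets in.
    for j, ok in enumerate((False, False, True)):
        events.append((t0 + timedelta(seconds=30 * j), "198.51.100.7", "alice", ok))
    # Shared office address: five different users, all successful.
    for k in range(5):
        events.append((t0 + timedelta(minutes=k), "192.0.2.50", f"staff{k}", True))
    return events

def detect_stuffing(events, window=timedelta(minutes=10), min_accounts=20, min_fail_ratio=0.8):
    """Flag sources that fail against many distinct accounts inside one time window."""
    buckets = defaultdict(lambda: {"accounts": set(), "hits": set(), "attempts": 0, "fails": 0})
    for ts, ip, user, ok in events:
        slot = int(ts.timestamp() // window.total_seconds())  # tumbling window index
        b = buckets[(ip, slot)]
        b["accounts"].add(user)
        b["attempts"] += 1
        if ok:
            b["hits"].add(user)
        else:
            b["fails"] += 1
    findings = []
    for (ip, slot), b in sorted(buckets.items()):
        ratio = b["fails"] / b["attempts"]
        # Many accounts plus a high failure ratio separates stuffing from a typo-prone
        # user (few accounts) and from a shared NAT address (many accounts, few failures).
        if len(b["accounts"]) >= min_accounts and ratio >= min_fail_ratio:
            findings.append({"ip": ip, "distinct_accounts": len(b["accounts"]),
                             "failures": b["fails"], "fail_ratio": round(ratio, 2),
                             "reset": sorted(b["hits"])})  # accounts the source got into
    return findings

if __name__ == "__main__":
    for finding in detect_stuffing(make_sample_events()):
        print(finding)
```

The `reset` list holds the accounts where a reused password worked, which are the ones to force a password reset on. Attempts spread across many source addresses stay under a per-IP threshold, so the same counters also need to be kept against a site-wide failure baseline.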
A security breach notice was sent to Norton customers indicating that they “strongly believe that an unauthorized third party knows and has utilized your username and password for your account.” The Arizona-based company states that 925,000 “inactive and active” Norton accounts may have been targeted by credential stuffing attacks.
Upon a successful login attempt, NortonLifeLock warns, cyber-criminals may have seen “your first name, last name, phone number, and mailing address.” For customers using the Norton Password Manager, Norton says it cannot rule out the potential breach of additional details and data stored there, “especially if your Password Manager key is identical or similar to your Norton account password,” the company warns.
To protect users and to avoid further credential stuffing attacks, NortonLifeLock has reset the affected Norton accounts and has taken “numerous measures” to counter hackers’ efforts. The company is strongly encouraging users to activate two-factor authentication, and it is offering a free credit monitoring service (Equifax, Experian or TransUnion) to affected users.
Norton also recommends that all users urgently change the passwords for all accounts they had stored in the password manager. Password hygiene is paramount, NortonLifeLock says; therefore, users should change passwords frequently, avoid using the same password more than once, and only use unique and complex passwords.