NortonLifeLock: Attack from 1.12.2022 on user accounts and possible access to Password Manager accounts

Sicherheit (Pexels, allgemeine Nutzung)[German]Warning to all users of Password Manager accounts from the vendor NortonLifeLock. There was a credential stuffing attack on NortonLifeLock users' accounts in December 2022. The vendor believe that the attackers were successful on a number of user accounts and gained access to the Password Manager accounts.


Advertising

The NortonLifeLock warning about potential data access to Password Manager accounts was issued by the Vermont State Attorney General's office as of January 9, 2023. Colleagues here noticed this privacy incident notice from Gen Digital (NortonLifeLock).

Gen Digital Inc. is a US developer of security software for home users. The company's headquarters are in Tempe, in the state of Arizona; and since the acquisition of Avast, Prague is a second headquarters. It gets interesting when you know that this is the legal successor to Symantec Corporation and NortonLifeLock, which in turn bought antivirus manufacturers Avira and Avast, among others.

What happened?

On December 12, 2022, NortonLifeLock security staff discovered an unusually large number of failed logins to customer accounts. Steps were immediately taken to analyze these events. But it was not until 10 days later, around December 22, 2022, that the first findings were made.

An unauthorized third party had performed a credential stuffing attack on NortonLifeLock user accounts starting on December 1, 2022. In this attack, the attacker uses a list of usernames and passwords obtained from another source, such as the dark web. Using this list, an attempt was made to log into Norton customer accounts.

NortonLifeLock writes that its own systems were not attacked. There was also no vulnerability in its products. However, after analyzing the attack, the vendor strongly believes that an unauthorized third party knew and used the username and password for a number of user accounts account (namely, all NortonLifeLock user accounts where the username and password are evident from the lists used).

NortonLifeLock data breach warning


Advertising

The vendor writes in its notification (see the image above and the text at the end of the article) that the attacker may have been able to view the account holder's first name, last name, phone number and mailing address when accessing a user account. The company's internal documents also show that users are using the Norton Password Manager feature.

Access to password manager?

NortonLifeLock cannot rule out the possibility that the unauthorized third party also accessed the data stored there, especially if the Password Manager key is identical or very similar to your Norton account password.

The company warns that if user account data has been accessed, the unauthorized third party could make that data available to other unauthorized parties. It is obvious that the used combination of password and email address is used for further login attempts of other online accounts.

The vendor already reset the Norton passwords of the affected accounts at the beginning of the investigation to prevent further attempts to access your account by the unauthorized third party. It is unclear whether those affected were informed directly by the company via mail. In any case, the case shows once again how risky the use of online password managers is.

But the incident is also a user failure of users who probably used combinations of username and password for different online accounts. If a data protection incident occurs in which this data is captured, it will end up in lists used for credentiaö stuffing attacks. So, if you have an online account with NortonLifeLock and have not been aware of the incident yet, you should react as soon as possible and change the passwords of your user accounts.

Below is the text of the notification from Norton LifeLock


Not Norton LifeLock

Dear Valued Customer,

We are writing to notify you of an incident involving your personal information.

Norton has intrusion detection systems in place to protect our customers and their data. These systems alerted us that an unauthorized third party likely has knowledge of the email and password you have been using with your Norton account (login.norton.com) and your Norton Password Manager. We recommend you change your passwords with us and elsewhere immediately.

What happened

On December 12, 2022, we detected an unusually large volume of failed logins to customer accounts. We quickly took steps to investigate, and on around December 22, 2022, we determined that, beginning around December 1, 2022, an unauthorized third party had used a list of usemames and passwords obtained from another source, such as the dark web, to attempt to log into Norton customer accounts. Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your usemame and password for your account. This usemame and password combination may potentially also be known to others.

In accessing your account with your usemame and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address. Our records indicate that you utilize our Norton Password Manager feature and, we cannot rule out that the unauthorized third party also obtained details stored there especially if your Password Manager key is identical or very similar to your Norton account password. If your data has been accessed, the unauthorized third party could make this data available to other unauthorized parties or use the password and email combination to try to access your other online accounts.

Steps we have taken

To protect you best, early in our investigation, we quickly reset your Norton password in order to prevent additional attempts to access your account by the unauthorized third party. In addition, we took numerous measures to counter the efforts of these unauthorized third parties and to impede their efforts to validate credentials and access accounts. We care deeply about your Cyber Safety and work to provide the best security for your data, such as offering two-factor authentication which we strongly encourage you to use We are making a credit monitoring service available to you. If you would like additional information about this incident, or information on credit monitoring please contact our customer service (contact details below). This notification was not delayed as a result of a law enforcement investigation.

NortonUfelocic Inc. ; 60 E Rio Satufo Pkvey STE /COD. Tempe. AZ 85281 : Nort0niaLoc1c.com

Ähnliche Artikel:
Investoren aus Bahrein übernehmen AV-Hersteller Avira
Avira for Business für 1.1.2022 abgekündigt
Verkauft: Avira geht an an neuen Eigentümer NortonLifeLock
Krass: Norton 360 installiert Krypto-Miner
Avira Crypto: Auch Avira lockt die Nutzer mit Krypto-Miner
Norton 360 Krypto-Miner: Der Anbieter schöpft den Profit ab, Nutzer schauen in die Röhre
Avast wird von Norton für 8,6 Milliarden US-Dollar gekauft
Symantec-Übernahme durch Broadcom abgeschlossen
Nutzerberichte: TP-Link-Router teilen Traffic mit Drittanbietern (Avira)


Advertising

This entry was posted in Cloud, Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).