{"id":28418,"date":"2023-01-14T09:35:06","date_gmt":"2023-01-14T08:35:06","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=28418"},"modified":"2023-02-14T15:35:02","modified_gmt":"2023-02-14T14:35:02","slug":"nortonlifelock-attack-from-1-12-2022-on-user-accounts-and-possible-access-to-password-manager-accounts","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/01\/14\/nortonlifelock-attack-from-1-12-2022-on-user-accounts-and-possible-access-to-password-manager-accounts\/","title":{"rendered":"NortonLifeLock: Attack from 1.12.2022 on user accounts and possible access to Password Manager accounts"},"content":{"rendered":"

\"Sicherheit[German<\/a>]Warning to all users of Password Manager accounts from the vendor NortonLifeLock. There was a credential stuffing attack on NortonLifeLock users' accounts in December 2022. The vendor believe that the attackers were successful on a number of user accounts and gained access to the Password Manager accounts.<\/p>\n

<\/p>\n

\"\"The NortonLifeLock warning about potential data access to Password Manager accounts was issued by the Vermont State Attorney General's office as of January 9, 2023. Colleagues here<\/a> noticed this privacy incident notice from Gen Digital (NortonLifeLock).<\/p>\n

Gen Digital Inc.<\/a> is a US developer of security software for home users. The company's headquarters are in Tempe, in the state of Arizona; and since the acquisition of Avast, Prague is a second headquarters. It gets interesting when you know that this is the legal successor to Symantec Corporation and NortonLifeLock, which in turn bought antivirus manufacturers Avira and Avast, among others.<\/p><\/blockquote>\n

What happened?<\/h2>\n

On December 12, 2022, NortonLifeLock security staff discovered an unusually large number of failed logins to customer accounts. Steps were immediately taken to analyze these events. But it was not until 10 days later, around December 22, 2022, that the first findings were made.<\/p>\n

An unauthorized third party had performed a credential stuffing attack on NortonLifeLock user accounts starting on December 1, 2022. In this attack, the attacker uses a list of usernames and passwords obtained from another source, such as the dark web. Using this list, an attempt was made to log into Norton customer accounts.<\/p>\n

NortonLifeLock writes that its own systems were not attacked. There was also no vulnerability in its products. However, after analyzing the attack, the vendor strongly believes that an unauthorized third party knew and used the username and password for a number of user accounts account (namely, all NortonLifeLock user accounts where the username and password are evident from the lists used).<\/p>\n

\"NortonLifeLock<\/p>\n

The vendor writes in its notification (see the image above and the text at the end of the article) that the attacker may have been able to view the account holder's first name, last name, phone number and mailing address when accessing a user account. The company's internal documents also show that users are using the Norton Password Manager feature.<\/p>\n

Access to password manager?<\/h2>\n

NortonLifeLock cannot rule out the possibility that the unauthorized third party also accessed the data stored there, especially if the Password Manager key is identical or very similar to your Norton account password.<\/p>\n

The company warns that if user account data has been accessed, the unauthorized third party could make that data available to other unauthorized parties. It is obvious that the used combination of password and email address is used for further login attempts of other online accounts.<\/p>\n

The vendor already reset the Norton passwords of the affected accounts at the beginning of the investigation to prevent further attempts to access your account by the unauthorized third party. It is unclear whether those affected were informed directly by the company via mail. In any case, the case shows once again how risky the use of online password managers is.<\/p>\n

But the incident is also a user failure of users who probably used combinations of username and password for different online accounts. If a data protection incident occurs in which this data is captured, it will end up in lists used for credentia\u00f6 stuffing attacks. So, if you have an online account with NortonLifeLock and have not been aware of the incident yet, you should react as soon as possible and change the passwords of your user accounts.<\/p>\n

Below is the text of the notification from Norton LifeLock<\/p>\n

\n

Not Norton LifeLock<\/strong><\/p>\n

Dear Valued Customer,<\/p>\n

We are writing to notify you of an incident involving your personal information.<\/p>\n

Norton has intrusion detection systems in place to protect our customers and their data. These systems alerted us that an unauthorized third party likely has knowledge of the email and password you have been using with your Norton account (login.norton.com) and your Norton Password Manager. We recommend you change your passwords with us and elsewhere immediately.<\/p>\n

What happened<\/strong><\/p>\n

On December 12, 2022, we detected an unusually large volume of failed logins to customer accounts. We quickly took steps to investigate, and on around December 22, 2022, we determined that, beginning around December 1, 2022, an unauthorized third party had used a list of usemames and passwords obtained from another source, such as the dark web, to attempt to log into Norton customer accounts. Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your usemame and password for your account. This usemame and password combination may potentially also be known to others.<\/p>\n

In accessing your account with your usemame and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address. Our records indicate that you utilize our Norton Password Manager feature and, we cannot rule out that the unauthorized third party also obtained details stored there especially if your Password Manager key is identical or very similar to your Norton account password. If your data has been accessed, the unauthorized third party could make this data available to other unauthorized parties or use the password and email combination to try to access your other online accounts.<\/p>\n

Steps we have taken<\/strong><\/p>\n

To protect you best, early in our investigation, we quickly reset your Norton password in order to prevent additional attempts to access your account by the unauthorized third party. In addition, we took numerous measures to counter the efforts of these unauthorized third parties and to impede their efforts to validate credentials and access accounts. We care deeply about your Cyber Safety and work to provide the best security for your data, such as offering two-factor authentication which we strongly encourage you to use We are making a credit monitoring service available to you. If you would like additional information about this incident, or information on credit monitoring please contact our customer service (contact details below). This notification was not delayed as a result of a law enforcement investigation.<\/p>\n

NortonUfelocic Inc. ; 60 E Rio Satufo Pkvey STE \/COD. Tempe. AZ 85281 : Nort0niaLoc1c.com<\/p>\n

\u00c4hnliche Artikel:<\/strong>
\nInvestoren aus Bahrein \u00fcbernehmen AV-Hersteller Avira<\/a>
\nAvira for Business f\u00fcr 1.1.2022 abgek\u00fcndigt<\/a>
\nVerkauft: Avira geht an an neuen Eigent\u00fcmer NortonLifeLock<\/a>
\nKrass: Norton 360 installiert Krypto-Miner<\/a>
\nAvira Crypto: Auch Avira lockt die Nutzer mit Krypto-Miner<\/a>
\nNorton 360 Krypto-Miner: Der Anbieter sch\u00f6pft den Profit ab, Nutzer schauen in die R\u00f6hre<\/a>
\nAvast wird von Norton f\u00fcr 8,6 Milliarden US-Dollar gekauft<\/a>
\nSymantec-\u00dcbernahme durch Broadcom abgeschlossen<\/a>
\nNutzerberichte: TP-Link-Router teilen Traffic mit Drittanbietern (Avira)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Warning to all users of Password Manager accounts from the vendor NortonLifeLock. There was a credential stuffing attack on NortonLifeLock users' accounts in December 2022. The vendor believe that the attackers were successful on a number of user accounts and … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[63,580],"tags":[69],"class_list":["post-28418","post","type-post","status-publish","format-standard","hentry","category-cloud","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/28418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=28418"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/28418\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=28418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=28418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=28418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}