Hackers Hijack NortonLifeLock Customer Accounts

NortonLifeLock has told some customers that a malicious third party likely accessed their account and could even reach the password vault.

A data breach notification shared with a customer was posted on the Vermont Attorney General’s Office website. The notice said hackers likely used a username and password combination to gain access to Norton and Norton Password Manager accounts.

However, the Gen Digital-owned vendor has confirmed that these logins were not obtained by compromising its IT environment.

“Our own system was not compromised,” it said. “However, we strongly believe that an unauthorized third party knows and is misusing your account username and password. This username and password combination is known to other users. There is a possibility.”

In fact, the threat actor in question purchased login credentials from the dark web in December 2022 and tried them against Norton accounts in an “unusually large amount,” the notice continues.

This could indicate a credential stuffing attack, where hackers use automated software to try compromised logins on multiple sites simultaneously, in the hope that the same credentials have been reused there.

The notice warned that if the recipient’s account was accessed, the attacker could have viewed the account holder’s first name, last name, phone number, and mailing address.

A more serious possibility is that the same malicious actor gains access to a password vault containing logins to multiple other websites and accounts on the web.

The news comes just weeks after another password manager vendor, LastPass, revealed hackers had access to backups of password vault data, including usernames and passwords.

However, the information was encrypted.

A reported 6,500 customers were affected by the NortonLifeLock incident.

Gen Digital is requiring customers whose accounts have been subject to suspicious login attempts to reset their passwords, and said it has deployed “additional security measures.”
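The pattern described above (one source trying an unusually large number of different accounts and mostly failing) can be detected from authentication logs. The following is an added example, not code from the notice or from Norton's systems. It flags such sources and lists the accounts where a login succeeded during the burst, which are the ones that need a forced password reset. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2022-12-12T10:00:01 203.0.113.7 alice FAIL
2022-12-12T10:00:02 203.0.113.7 bob FAIL
2022-12-12T10:00:03 203.0.113.7 carol OK
2022-12-12T10:00:04 203.0.113.7 dave FAIL
2022-12-12T10:00:05 203.0.113.7 erin FAIL
2022-12-12T10:00:30 198.51.100.20 frank FAIL
2022-12-12T10:00:41 198.51.100.20 frank FAIL
2022-12-12T10:00:55 198.51.100.20 frank OK
2022-12-12T10:20:00 203.0.113.7 grace FAIL
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_USERS = 4                   # assumed: distinct accounts tried per source
MIN_FAIL_RATIO = 0.6            # assumed: a stuffing list mostly misses


def parse(log):
    """Yield (timestamp, ip, username, succeeded) for each log line."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"


def detect(log):
    """Return {source_ip: {"targeted": set, "reset": set}} for sources that
    tried many distinct accounts, mostly failing, inside one window."""
    recent = defaultdict(list)          # ip -> events still inside the window
    findings = {}
    for ts, ip, user, ok in sorted(parse(log)):
        events = recent[ip]
        events.append((ts, user, ok))
        # Drop events that have fallen out of the sliding window.
        while events[0][0] < ts - WINDOW:
            events.pop(0)
        users = {u for _, u, _ in events}
        fail_ratio = sum(not o for _, _, o in events) / len(events)
        if len(users) >= MIN_USERS and fail_ratio >= MIN_FAIL_RATIO:
            hit = findings.setdefault(ip, {"targeted": set(), "reset": set()})
            hit["targeted"] |= users
            # A success inside a flagged burst means a reused password worked.
            hit["reset"] |= {u for _, u, o in events if o}
    return findings
```

On the sample data only the first source is flagged; the second, where a single user mistypes their own password twice before logging in, is not.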
