Customers are receiving data breach warnings from Symantec Corporation and NortonLifeLock, telling them that hackers have successfully infiltrated Norton Password Manager accounts in credential-stuffing attacks.
According to a letter supplied with the Office of the Vermont Attorney General, the attacks were the consequence of account compromise on other platforms rather than a breach on the corporation.
“Our internal systems were not jeopardized. However, we think that an unauthorized third party has obtained and used your login and password for your account “According to NortonLifeLock.
“This login and password combination may be known to others as well.”
More precisely, the warning states that around December 1, 2022, an attacker attempted to enter in to Norton customer accounts using username and password combinations purchased from the dark web.
On December 12, 2022, the business identified “an exceptionally high amount” of unsuccessful login attempts, suggesting credential stuffing assaults in which threat actors test out credentials in mass.
The corporation had finished its internal investigation by December 22, 2022, which determined that the credential stuffing assaults had successfully compromised an unspecified number of consumer accounts.
The alert advises users who use the Norton Password Manager service that the attackers may have accessed information kept in private vaults.
Depending on what users put in their accounts, this might result in the compromising of other online accounts, the loss of digital assets, the revelation of secrets, and other consequences.
According to NortonLifeLock, the danger is particularly high for people who utilize identical Norton account passwords and Password Manager master keys, which allows attackers to pivot more easily.
According to the firm, it has changed Norton passwords on compromised accounts to prevent attackers from obtaining access to them in the future, and it has also adopted new security measures to resist the fraudulent efforts.
NortonLifeLock also recommends that clients setup two-factor authentication to secure their accounts and take advantage of the credit monitoring service provided.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.