>
Norton LifeLock has announced that a large number of customer accounts have been affected by a breach.
A customer message from Gen Digital, Norton’s parent company, claimed that the breach was likely the result of a credential stuffing attack, where attackers use lists of previously released passwords to hack numerous victims’ accounts, assuming they are using the same password for multiple services.
On December 12, 2022, Gen Digital said it had received a large number of failed login attempts, pointing it to the attack. It believes that compromised accounts date back to December 1.
Passwords at risk
Considering that many admit to reusing the same passwords for different accounts, these attacks can be quite effective.
The messages were sent to more than 6,000 customers whose accounts had been hacked. Gen Digital stated that hackers may have obtained personal information by hacking customer accounts, such as names, phone numbers and addresses. Passwords stored using the password manager may also have been accessed, with Gen Digital warning that this cannot be ruled out.
LifeLock is an anti-theft identification platform from Norton, the company best known for its once leading antivirus software. It also comes with the company’s Norton 360 security suite.
As Gen Digital itself recommends, multi-factor authentication is key to staying secure, by making sure it’s you trying to access your account. It works by sending a verification prompt or code to another of your devices, such as your smartphone, via SMS or a dedicated authentication app when it attempts to log into your account.
LifeLock’s password manager isn’t the only one facing a potential breach. LastPass has struggled since its customers’ password vaults were stolen last year, despite customers’ assurances that the passwords remained encrypted.
- For optimal security, consider using the best firewall