Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts, and possibly password managers, the company is warning.
Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on the activity on Dec. 12, when its IDS systems flagged “an unusually high number of failed logins” on Norton accounts. After a 10-day investigation, it appears that the activity stretched back to Dec. 1, the company said.
While Gen Digital did not say how many of the accounts were compromised, it did warn customers that the attackers were able to access names, phone numbers, and mailing addresses from any Norton accounts where they were successful.
And it added, “we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password.”
These “details,” of course, are the strong passwords generated for any online services the victim uses, including corporate logins, online banking, tax filing, messaging apps, e-commerce sites, and more.
Password Reuse Subverts Password Management
In credential-stuffing attacks, threat actors use a list of logins obtained from another source — buying cracked account data on the Dark Web, for instance — to try against new accounts, hoping that users have reused their email addresses and passwords across multiple services.
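The signal Gen Digital describes, a burst of failed logins spread across many different accounts, is what separates credential stuffing from a brute-force attempt on a single account. The following detection rule is an added example (not code from the article or from Gen Digital); it runs over constructed sample log lines in an assumed `auth OK|FAIL user=… src=…` format and flags a source that fails against many distinct usernames inside one time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (not real Norton data): one source
# sprays many accounts; another is a single user retrying their own password.
SAMPLE_LOG = """\
2022-12-01T10:00:01Z auth FAIL user=alice src=203.0.113.5
2022-12-01T10:00:02Z auth FAIL user=bob src=203.0.113.5
2022-12-01T10:00:03Z auth FAIL user=carol src=203.0.113.5
2022-12-01T10:00:04Z auth OK user=dave src=203.0.113.5
2022-12-01T10:00:05Z auth FAIL user=erin src=203.0.113.5
2022-12-01T10:00:06Z auth FAIL user=frank src=203.0.113.5
2022-12-01T10:01:00Z auth FAIL user=alice src=198.51.100.7
2022-12-01T10:01:05Z auth FAIL user=alice src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse_line(line):
    """Parse one log line into (timestamp, result, user, src); None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"], m["user"], m["src"]

def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_failures=5, min_distinct_users=4):
    """Return {src: (failures, distinct_users, successes)} for each source whose
    failures within a sliding window hit at least min_distinct_users accounts."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            events[rec[3]].append(rec)
    alerts = {}
    for src, recs in events.items():
        recs.sort(key=lambda r: r[0])
        for i, (t0, _, _, _) in enumerate(recs):
            in_win = [r for r in recs[i:] if r[0] - t0 <= window]
            fails = [r for r in in_win if r[1] == "FAIL"]
            users = {r[2] for r in fails}
            if len(fails) >= min_failures and len(users) >= min_distinct_users:
                # Successes in the same window are the accounts that were reused.
                hits = sum(1 for r in in_win if r[1] == "OK")
                alerts[src] = (len(fails), len(users), hits)
                break
    return alerts
```

Running `detect_credential_stuffing(SAMPLE_LOG)` flags only the spraying source; the single user retrying their own account stays below the distinct-user threshold, and any `OK` inside a flagged window is the account to force a reset on.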
As such, the irony of the Norton incident is not lost on Roger Grimes, data-driven defense evangelist at KnowBe4.
“If I understand the reported details, the irony is that the victimized users would have likely been protected if they had used their involved password manager to create strong passwords on their Norton logon account,” he said via email. “Password managers create strong, completely random passwords that are essentially unguessable and uncrackable. The attack here seems to be that users self-created and used weak passwords to protect their Norton logon account that also protected their Norton password manager.”
Attackers lately have focused on identity and access management systems as a target, given that one compromise can unlock a veritable treasure trove of data across high-value accounts for attackers, not to mention a bevy of enterprise pivot points for moving deeper into networks.
LastPass, for instance, was targeted in August 2022 via an impersonation attack, in which cyberattackers were able to breach its development environment to make off with source code and customer data. Last month, the company suffered a follow-on attack on a cloud storage bucket that it uses.
And last March, Okta revealed that cyberattackers had used a third-party customer support engineer’s system to gain access to an Okta back-end administrative panel for managing customers — among other things. About 366 customers were impacted, with two actual data breaches occurring.