More than 6,000 customers of NortonLifeLock have been informed that nefarious outsiders have probably accessed their accounts and may have even gotten to their password vaults. The letter informing customers of the data breach was published on the Vermont attorney general’s website. It stated that hackers have probably gained access to their Norton and Norton Password Manager accounts using username and password login combinations.
The vendor, a Gen Digital company, confirmed that these logins weren’t obtained through a breach of its own IT system. It declared that “our own systems were not compromised.” “However, we firmly suspect that an uninvited third party has used your login and password for your account. This username and password pair might be known to others as well.
The letter went on to say that the threat actors had purchased the login information on the dark web in December 2022 and had subsequently attempted it “in an unusually large volume” across Norton accounts.
This could signify a credential stuffing assault, in which cybercriminals use automated software to simultaneously try compromised logins on several sites in the hopes that they have been reused. The notification informed recipients that their first and last names, contact information, and mailing addresses would have been visible to threat actors if their accounts had been compromised.
The risk would be significantly more significant if the same malicious actors gained access to password vaults containing logins for several websites and online accounts. The announcement comes just after LastPass, another provider of password managers, disclosed that hackers had gained access to password vault backups containing usernames and passwords.
Compromised Password Manager Accounts On NortonLifeLock
The NortonLifeLock problem reportedly had a negative impact on 6500 consumers. Gen Digital said it had been “adding” “extra” “security.” It had been working on customers’ accounts whose accounts were exposed to accounts with suspicious login attempts.
The notification has it that around December 1, 2022, an attacker made an attempt to access Norton customer accounts. This happened using different login and password combinations they had previously purchased from the darknet.
Also, on December 12, 2022, the company discovered “an unusually large amount” of failed login attempts, which points to a credential stuffing attack where threat actors examine out credentials at large. The company’s in-house findings ended on December 22, 2022. It demonstrated that an unknown number of customer accounts had been effectively compromised as a result of the credential-stuffing attacks.
Utilizing your login and password to access your username and account, the unlocked person may perhaps read your first name, last name, last name, phone number, and mailing address. The notification informs users of the Norton Password Manager function that the attackers may have accessed information kept in private vaults. This might result in the compromise of other online accounts being hacked into other online accounts being
Users that use similar Norton account passwords and Password Manager master keys are also under threat, according to NortonLifeLock, because doing so makes it simpler for attackers to switch hats.
The company claims to have changed the Norton passwords on the impacted accounts to make it more challenging for attackers to have a direct pass to them in the future and to add more security measures to deter illicit attempts. NortonLifeLock advises users to use two-factor authentication and take advantage of a credit monitoring service to secure their accounts.
Tips For Staying Safe On NortonLifeLock
NortonLifeLock is a well-known brand in online consumer security. Unfortunately, hackers seek to abuse the trust we’ve earned by using our name and logo falsely to try to swindle and rip off customers.
- Phishing (or Email Fraud)
Inauthentic messages frequently attempt to arouse a sense of urgency by threatening to charge your credit card if you don’t answer or by issuing alerts about lapsed anti-virus settings or computer infections. The reader is typically asked to visit a fake website, download an attachment, dial a 1300 number, or react with personal or account information in response to an urgent request that they contact someone.
- Fraudulent Tech Support
Tech support fraud can result from phishing emails instructing you to call or click for technical support. To build confidence and deceive customers into contacting these phony tech help representatives, hackers have pretended to be NortonLifeLock tech support representatives.
- Payment requests
A fraudster or hacker is probably making any request to do so. Similarly, NortonLifeLock will never ask for payment via electronic gift cards or cryptocurrencies.
- Defend yourself.
Avoid risk by avoiding shady emails or texts that appear to be from NortonLifeLock. It is not from NortonLifeLock if the communication makes use of intimidation techniques, threats, or requests for personal or financial information. Avoid responding to strange emails or texts, and refrain from clicking any links or opening any attachments.
You should have your computer checked for malware if you were duped into opening a harmful file or clicking a dubious link as part of an online scam. Once fraudsters obtain remote access to your computer, there is a significantly increased risk of identity theft and financial damage.
Conclusion
Customers are receiving warnings from NortonLifeLock that their accounts for Norton Password Manager have been successfully compromised by hackers using credential-stuffing tactics. According to a letter sample given to the Office of the Vermont Attorney General, the attacks were the consequence of account penetration on other platforms rather than a breach on the company’s end. “No sacrifice was made to our own systems. But we’re convinced that an uninvited party has access to and used your username and password for your account “explained NortonLifeLock.
