Norton LifeLock warns on Password Manager account compromises

Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts, and possibly password managers, the company is warning.

Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on the activity on Dec. 12, when its IDS systems flagged “an unusually high number of failed logins” on Norton accounts. After a 10-day investigation, it turns out that the activity stretched back to Dec. 1, the company said.

While Gen Digital didn’t say how many of the accounts were compromised, it did caution customers that the attackers were able to access names, phone numbers, and mailing addresses from any Norton accounts where they were successful.

And it added, “we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password.”

Those “details,” of course, are the strong passwords generated for any online services the victim uses, including corporate logins, online banking, tax filing, messaging apps, e-commerce sites, and more.

To read the complete article, visit Dark Reading.