 |
| Hacking the accounts of thousands of Norton LifeLock customers |
Gen Digital, the developer of Norton LifeLock, has announced a data breach that compromised thousands of its customers over the past few weeks, which could allow hackers to access customers' password management capabilities.
The company hypothesizes that so-called "credential stuffing attacks" could be behind the hack. This type of attack uses previously disclosed or compromised credentials to compromise accounts on different websites and services that use the same password rather than the same system.
To prevent such attacks, users are advised to implement two-factor authentication enabled by Norton LifeLock as it prevents attackers from accessing personal accounts using only their passwords.
The company said the attack began on December 1, and about two weeks later, on December 12, 2022, its systems detected a large number of failed customer account logins.
"If your username and password are used to access your account, an unauthorized third party may be able to see your name, parents' name, phone number, and mailing address," the company said in its privacy breach notice to customers.
The notice was sent to customers Gen Digital said use its password management capabilities, as the company couldn't rule out that the hackers also had access to customers' stored passwords.
The company said it notified about 6,450 customers whose accounts were hacked. Norton LifeLock provides customers with identity protection and network security services.
In recent weeks, leading password manager LastPass confirmed a data breach where hackers stole millions of customers' encrypted passwords.
However, password management services are still widely recommended by security experts for generating and storing unique passwords, as long as proper precautions and safeguards are in place to limit the impact in the event of a breach.