Norton LifeLock’s servers were breached, and the accounts of more than 6000 consumers have been compromised.
According to Gen Digital, Norton LifeLock’s parent company, the attack was a credential-stuffing where the attacker used the previously exposed credentials to exploit accounts and services sharing the same passwords. So, it’s likely their systems weren’t compromised.
The intruders hacked data as far back as December 1, two weeks before a large volume of failed logins was detected by the systems, reported Tech Crunch.
The company is sending breach notices to about 6450 customers whose data is believed to be compromised.
“In accessing your account with your username and password, the unauthorised third party may have viewed your first name, last name, phone number, and mailing address,” the data breach notice said.
The company also said it is highly likely that hackers might have access to the saved passwords of the customers. This is the latest such attack on customers’ passwords. In December, the password vault of password manager giant LastPass was hacked. Before that, another such attack happened on Passwordstate, where intruders managed to push tainted software and got access to users’ passwords.
To save themselves from such attacks and to make their accounts safe, people should use two-factor authentication, which blocks cybercriminals’ attempts to gain access to the account with just a password.
Security professionals still recommend password managers for storing and generating unique passwords. As is true for all online services, people should use the best practices to protect themselves.