NortonLifeLock Warns Customers About Potential Password Manager Breach

By | January 18, 2023

Just a few weeks after LastPass confirmed hackers had stolen a copy of users’ encrypted password vaults comes the news of another password manager data breach. NortonLifeLock has recently notified approximately 6,450 individuals that their accounts have been accessed by unauthorized individuals and that their Password Manager accounts are at risk.

Gen Digital, which owns NortonLifeLock, started detecting account compromises on December 12, 2021, when its intrusion detection system started generating alerts in response to a high volume of failed login attempts. The investigation confirmed that LifeLock customers were being targeted in a credential stuffing attack, which commenced on or around December 1, 2022.

NortonLifeLock confirmed that its systems remain secure and have not been hacked, but customer accounts had been subjected to unauthorized access. NortonLifeLock said the compromised accounts contained information such as first names, last names, phone numbers, and mailing addresses. NortonLifeLock was unable to confirm if customers’ Password Manager accounts had been compromised but could not rule out the possibility that the hackers may have validated users’ logon credentials and gained access to their password vaults. This would be more likely if users’ Password Manager keys were the same or similar to their Norton account passwords.

A credential stuffing attack is a low-complexity attack on accounts that involves trying multiple combinations of passwords that have been obtained from data breaches at unrelated services. Hackers compile password lists from multiple data breaches and try to use those credentials to access accounts on other platforms. These attacks involve using known username/password combinations in the hope that users have reused the same username and password combination on multiple platforms.

NortonLifeLock reset the passwords for all affected accounts and took other steps to counter the efforts of the unauthorized third party and has strongly recommended affected users change their Norton passwords immediately, as well as all other accounts that share the same password and all passwords the affected users’ Password Manager accounts. Users that set unique passwords for their Norton accounts were not affected.

Account breaches such as this are all too common and succeed due to poor password practices. A password manager can improve security, but only if password best practices are followed. A password manager can contain a user’s entire collection of passwords, sensitive information such as credit card details, and private documents. It is therefore essential to set a long, complex, and unique password for the password manager and activate 2-factor authentication. A passphrase of at least 12 characters is recommended.

The post NortonLifeLock Warns Customers About Potential Password Manager Breach appeared first on HIPAA Journal.