Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to try to break into Norton accounts, and potentially password managers, the company is warning.
Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on the activity on Dec. 12, when its IDS systems flagged “an unusually high number of failed logins” on Norton accounts. After a 10-day investigation, it appears that the activity stretched back to Dec. 1, the company said.
While Gen Digital did not say how many of the accounts were compromised, it did warn customers that the attackers were able to access names, phone numbers, and mailing addresses from any Norton accounts where they were successful.
And it added, “we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password.”
Those “details,” of course, are the strong passwords generated for any online services the victim uses, including corporate logins, online banking, tax filing, messaging apps, e-commerce sites, and more.
Password Reuse Subverts Password Management
In credential-stuffing attacks, threat actors use a list of logins obtained from another source — buying cracked account data on the Dark Web, for instance — to try against new accounts, hoping that users have reused their email addresses and passwords across multiple services.
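The failed-login pattern an IDS would look for in an attack like this, as an added example that is not from the article or from Gen Digital: a small Python detector run over constructed log lines that flags a source trying many distinct accounts with a low success rate, while leaving an ordinary user who mistypes their own password alone (the log format, thresholds and addresses are assumptions).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (not from the article). Credential stuffing
# shows up as one source trying many *different* usernames with mostly failures.
SAMPLE_LOG = """\
2022-12-01T08:00:01 login result=fail user=alice src=203.0.113.5
2022-12-01T08:00:02 login result=fail user=bob src=203.0.113.5
2022-12-01T08:00:03 login result=fail user=carol src=203.0.113.5
2022-12-01T08:00:04 login result=success user=dave src=203.0.113.5
2022-12-01T08:00:05 login result=fail user=erin src=203.0.113.5
2022-12-01T08:00:06 login result=fail user=frank src=203.0.113.5
2022-12-01T08:05:00 login result=fail user=alice src=198.51.100.7
2022-12-01T08:05:30 login result=fail user=alice src=198.51.100.7
2022-12-01T08:06:00 login result=success user=alice src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) login result=(\w+) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Turn log lines into (timestamp, result, user, source) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events

def detect_stuffing(events, window=timedelta(minutes=10), min_users=5, max_success_rate=0.25):
    """Return {source: (distinct_failed_users, successes)} for sources whose sliding
    window holds failures against >= min_users accounts with a low success rate."""
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        by_src[src].append((ts, result, user))
    flagged = {}
    for src, evs in by_src.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            win = evs[start:end + 1]
            failed_users = {u for _, r, u in win if r == "fail"}
            successes = sum(1 for _, r, _ in win if r == "success")
            if len(failed_users) >= min_users and successes / len(win) <= max_success_rate:
                flagged[src] = (len(failed_users), successes)
                break
    return flagged
```

On the sample, 203.0.113.5 is flagged (five distinct accounts failed, one success) while 198.51.100.7, a single user retrying their own password, is not.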
As such, the irony of the Norton incident is not lost on Roger Grimes, data-driven defense evangelist at KnowBe4.
“If I understand the reported data, the irony is that the victimized users would have probably been protected if they had used their involved password manager to create strong passwords on their Norton logon account,” he said via email. “Password managers create strong, perfectly random passwords that are essentially unguessable and uncrackable. The attack here seems to be that users self-created and used weak passwords to protect their Norton logon account that also protected their Norton password manager.”
Attackers lately have focused on identity and access management systems as a target, given that one compromise can unlock a veritable treasure trove of data across high-value accounts for attackers, not to mention a bevy of enterprise pivot points for moving deeper into networks.
LastPass, for instance, was targeted in August 2022 via an impersonation attack, in which cyberattackers were able to breach its development environment to make off with source code and customer data. Last month, the company suffered a follow-on attack on a cloud storage bucket that it uses.
And last March, Okta revealed that cyberattackers had used a third-party customer support engineer’s system to gain access to an Okta back-end administrative panel for managing customers — among other things. About 366 customers were impacted, with two actual data breaches occurring.