Hackers Hijack NortonLifeLock Customer Accounts

Written by

NortonLifeLock has told some customers that malicious third parties have likely accessed their accounts, potentially even reaching their password vaults.

The data breach notification letter shared with customers was posted to the Vermont attorney general’s office website. It said that hackers have likely accessed their Norton and Norton Password Manager accounts using username and password login combos.

However, the vendor, owned by Gen Digital, confirmed that these logins had not been obtained via a breach of its own IT environment.

“Our own systems were not compromised,” it said. “However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account. This username and password combination may potentially also be known to others.”

In fact, the threat actors in question bought the login credentials from the dark web back in December 2022 and then tried them in “an unusually large volume” across Norton accounts, the notice continued.

This would indicate a credential stuffing attack, in which hackers use automated software to try breached logins across multiple sites simultaneously in the hope that they have been reused.

The notice warned recipients that if their accounts had been accessed, the threat actors may have been able to view account holders’ first and last name, phone number and mailing address.

However, an even more serious prospect is if those same bad actors managed to access password vaults containing logins to multiple other websites and accounts across the web.

The news comes just weeks after another password manager vendor, LastPass, revealed that hackers managed to access backups of password vault data including usernames and passwords.

However, that information was encrypted, it said.

A reported 6500 customers were impacted by the NortonLifeLock incident.

Gen Digital said it had been requiring customers whose accounts were subject to suspicious login attempts to reset their passwords, and that it had rolled out “additional security measures.”

Editorial credit icon image: viewimage / Shutterstock.com

What’s hot on Infosecurity Magazine?