Norton LifeLock password breach

2 mins read

Norton LifeLock, one of the global leaders in cyber security, was exposed to a credential stuffing attack.

On December 12, 2022, Norton uncovered “an abundance of failed login attempts,” because of which, until December 22, 2022, the firm conducted an internal investigation. It determined that starting from around December 1, an unauthorized third party had used a list of usernames and passwords obtained from another source, such as the dark web, to attempt to log into Norton customer accounts, also revealed an undisclosed amount of customer accounts were successfully compromised.
Norton claims, “Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account.” The company warns the users utilizing Norton Password Manager feature that the details stored in it might have been compromised, especially if your Password Manager key is identical or similar to your Norton account password. In this instance, the larger issue depends on what users store in their accounts as it could compromise other online accounts, loss of digital assets, exposure of secrets, and more. The attack did not impact customers who had chosen different passwords for their Norton accounts.
Norton has since reset passwords on impacted accounts, introduced additional measures to fend off further attacks, and advised customers to enable two-factor authentication on their accounts. Additionally, it provides a credit monitoring service as an option.