These attacks involve using known username/password combinations in the hope that users have reused the same username and password combination on multiple platforms.
Hackers compile password lists from multiple data breaches and try to use those credentials to access accounts on other platforms. This would be more likely if users’ Password Manager keys were the same or similar to their Norton account passwords.Ī credential stuffing attack is a low-complexity attack on accounts that involves trying multiple combinations of passwords that have been obtained from data breaches at unrelated services. NortonLifeLock was unable to confirm if customers’ Password Manager accounts had been compromised but could not rule out the possibility that the hackers may have validated users’ logon credentials and gained access to their password vaults. NortonLifeLock said the compromised accounts contained information such as first names, last names, phone numbers, and mailing addresses. NortonLifeLock confirmed that its systems remain secure and have not been hacked, but customer accounts had been subjected to unauthorized access. The investigation confirmed that LifeLock customers were being targeted in a credential stuffing attack, which commenced on or around December 1, 2022. Gen Digital, which owns NortonLifeLock, started detecting account compromises on December 12, 2021, when its intrusion detection system started generating alerts in response to a high volume of failed login attempts.
NortonLifeLock has recently notified approximately 6,450 individuals that their accounts have been accessed by unauthorized individuals and that their Password Manager accounts are at risk. Just a few weeks after LastPass confirmed hackers had stolen a copy of users’ encrypted password vaults comes the news of another password manager data breach. NortonLifeLock Warns Customers About Potential Password Manager Breach
0 kommentar(er)
