Hot Topic: Gen Digital, the security company formerly known as Symantec and NortonLifeLock, is sending alerts to Norton Password Manager service customers. According to the company, an unauthorized third party may have gained access to Norton accounts not by hacking into their systems, but by a credential stuffing attack.
Credential injection is a type of attack in which an attacker collects a huge amount of stolen credentials, usually including usernames, email addresses, and/or passwords from previous hack data from other services. Hackers use these stolen credentials to attempt to gain unauthorized access to user accounts on other platforms – assuming the user has reused the same passwords – by attempting to break large-scale automated connections to web applications or remote applications.
Using two-factor authentication usually helps prevent this type of attack offered by NortonLifeLock because it prevents hackers from accessing an account with a simple password.
NortonLifeLock completed an internal investigation on or about December 22, 2022, finding an “unusually high number” of failed login attempts to customer accounts on December 12, 2022. The investigation found that since about December 1, 2022, an attacker used a list of usernames and passwords obtained from other sources such as illegal marketplaces on the dark web.
Norton customers were sent a security breach notice stating that they “firmly believe that an unauthorized third party knew and used your username and password for your account.” The Arizona-based company says 925,000 “inactive and active” Norton accounts may have been the target of credential stuffing attacks.
NortonLifeLock warns that cybercriminals could see “your first name, last name, phone number, and mailing address” when they successfully log in. For customers using Norton Password Manager, Norton states that it cannot rule out potential leakage of additional information and data stored there, “especially if your Password Manager key is the same or very similar to your account password. Norton,” the company warns.
To protect users and prevent further credential spoofing attacks, NortonLifeLock reset the affected Norton accounts and took “extensive measures” to counter the efforts of the hackers. The company strongly encourages users to enable two-factor authentication and offers a free credit monitoring service (Equifax, Experian or TransUnion) to affected users.
Norton also recommends that all users urgently change their passwords for all accounts they have saved in a password manager. According to NortonLifeLock, password hygiene is paramount. Therefore, users should change passwords regularly, avoid using the same password multiple times, and use only unique and complex passwords.