The company behind NortonLifeLock, Gen Digital, has issued a warning to customers about a security breach that took place in December. Hackers used a credential-stuff attack to gain access to hundreds of thousands of Norton Password Manager accounts.
Gen Digital says that its own systems were not compromised, but warns affected customers that “we strongly believe that an unauthorized third party knows and has utilized your username and password for your account”.
The breaching of usernames and passwords is extremely concerning, and the warning goes on to suggest that “this username and password combination may potentially also be known to others”.
The breach started in early December when hackers made used of user credentials acquired on the dark web. An “unusually large volume” of unsuccessful logins in mid-December made it clear that a credential-stuffing attack was taking place, leading to an investigation by Gen Digital.
The company warns customers:
In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address.
There is also a strong likelihood that sensitive data protected by details stored in the password manager may have been accessed.
In a statement given to Bleeping Computer, Gen Digital said:
Gen’s family of brands offers products and services to approximately 500 million users. We have secured 925,000 inactive and active accounts that may have been targeted by credential-stuffing attacks.
Our top priority is to help our customers secure their digital lives. Our security team identified a high number of Norton account login attempts indicating credential-stuffing attacks targeting our customers, and we quickly took a variety of actions to help secure our customer’s accounts and their personal information. Systems have not been compromised, and they are safe and operational, but as is all too commonplace in today’s world for bad actors to take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts.
We have been monitoring closely, flagging accounts with suspicious login attempts and proactively requiring those customers to reset their passwords upon login along with additional security measures to protect our customers. We continue to work with our customers to help them secure their accounts and personal information.