Norton Password Manager & Norton LifeLock, a company that says it will keep you safe online, found that an unauthorized third party was trying to log into many customer accounts.
The company is telling customers to change their passwords or risk having them stolen.
On Friday, January 13, 2023, Norton’s legally required notice of a data breach was posted on the Office of the Vermont Attorney General’s website.
The security software company first discovered the problem on December 12, when intrusion detection systems picked up unusual activity in the system and alerted the security team.
This made them realize that there was a chance the customer accounts had been hacked.
Norton found that the event happened on December 1.
By December 22, the investigation had found that the third party had likely obtained the extensive list of usernames and passwords from somewhere else, like the dark web.
An unauthorized user or third party may have looked at your account by using your username and password. In addition, they may have seen your first name, last name, phone number, and mailing address.
It’s the second time in the past year that a well-known password manager has been broken into, making many people wonder if they can really be trusted.
LastPass, a popular password manager, was hacked in 2022, hurting its users’ reputations.
Since the LifeLock plan includes Norton’s Password Manager Feature, the company warned customers that the third-party user had probably also taken the usernames and passwords stored in their password vault.
Norton said that individual email addresses often used as account names would also be considered exposed.
When the company discovered the many login attempts, they “quickly changed all user passwords.”
Norton said that none of its systems were hacked during the attack.
Customers were told to change all passwords stored in the password manager and to add multi-factor authentication to their Norton accounts.
In the event of a data breach, Vermont’s Data Breach Protection Law gives private companies up to 45 days to tell customers if their personally identifiable information (PII) or login credentials may have been stolen.
The security company is giving all of its clients free credit monitoring. Norton said that law enforcement is also a part of the investigation.
Systems have not been broken into, says the parent company.
However, Gen Digital, which owns Norton LifeLock, told Cybernews that their security team found many attempts to log in to Norton accounts, suggesting that credential-stuffing attacks are targeting their customers.
“Systems have not been broken into, and they are safe and working,” a Gen spokesperson said. “However, it is all too common in today’s world for bad actors to use credentials they find elsewhere, like on the Dark Web, to launch automated attacks to get into accounts that have nothing to do with them.”
Norton Password Manager said it would keep implementing new security protocols and technologies to help protect itself from these attacks. For example, customers are told to use strong, complicated passwords that are different for each account.