RISKS
What happened
In December 2022, thousands of Norton LifeLock customers had their accounts compromised, potentially allowing criminal hackers access to customer password managers, the company revealed in a data breach notice.
In a notice to customers in mid-January 2023, Gen Digital, the parent company of Norton LifeLock (which was acquired in 2017 by Symantec, then renamed NortonLifeLock in 2019 before being renamed again to Gen Digital), said that the likely culprit was a credential stuffing attack — where previously exposed or breached credentials are used to break into accounts on different sites and services that share the same passwords — rather than a compromise of its systems. This is why two-factor authentication, which Norton LifeLock offers, is recommended: it blocks attackers from accessing someone’s account with just their password.
The notice explained that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts.
The firm detected “an unusually large volume” of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk.
By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts.
“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address,” the data breach notice said. The notice was sent to customers that it believes use its password manager feature, because the company cannot rule out that the intruders also accessed customers’ saved passwords.
Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more.
The company said it reset Norton passwords on impacted accounts to prevent attackers from gaining access to them again in the future and also implemented additional measures to counter the malicious attempts.
Gen Digital said it sent notices to about 6,450 customers whose accounts were compromised.
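The signal described above, an unusually large volume of failed logins followed by identifying which accounts were actually accessed, can be sketched as a log rule. This is an added example, not Norton's or Gen Digital's detection logic; the event format, thresholds, IP addresses and usernames are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events: (UTC timestamp, source IP, username, outcome).
# IPs are from documentation ranges; usernames are made up.
ATTACKER = "203.0.113.7"
SAMPLE_EVENTS = (
    # One source tries many different accounts and almost all attempts fail.
    [(f"2022-12-12T10:00:{i:02d}", ATTACKER, f"user{i}", "fail") for i in range(1, 7)]
    + [("2022-12-12T10:00:07", ATTACKER, "dana", "success")]
    # A real user mistypes a password once, then logs in.
    + [("2022-12-12T10:01:00", "198.51.100.20", "erin", "fail"),
       ("2022-12-12T10:01:20", "198.51.100.20", "erin", "success")]
    # An office NAT address: many users, but every login succeeds.
    + [(f"2022-12-12T10:02:{i:02d}", "192.0.2.50", f"staff{i}", "success") for i in range(5)]
)

def detect_stuffing(events, window_s=300, min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that, within one fixed time window, hit many distinct
    accounts with mostly failed logins. Returns {ip: [accounts that logged in
    successfully from that IP in a flagged window]}, i.e. reset candidates."""
    buckets = defaultdict(lambda: {"users": set(), "fail": 0, "total": 0, "ok": set()})
    for ts, ip, user, outcome in events:
        epoch = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp()
        b = buckets[(ip, int(epoch // window_s))]
        b["users"].add(user)
        b["total"] += 1
        if outcome == "fail":
            b["fail"] += 1
        else:
            b["ok"].add(user)
    flagged = defaultdict(set)
    for (ip, _window), b in buckets.items():
        # Many distinct usernames plus a high failure ratio separates stuffing
        # from a single user retrying or a shared address with normal logins.
        if len(b["users"]) >= min_users and b["fail"] / b["total"] >= min_fail_ratio:
            flagged[ip] |= b["ok"]
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_EVENTS).items():
        print(f"{ip}: suspected credential stuffing; reset and notify {accounts}")
```

Attempts are often spread across many source addresses, so a per-IP rule like this is usually paired with a site-wide alert on the overall failed-login rate.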
Like LastPass, another password manager application, LifeLock has a history of data breaches. At least one occurred in 2018, when a vulnerability on its site allowed anyone with a Web browser to index email addresses associated with millions of customer accounts. That enabled cyber criminals to harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand.
Additionally, LifeLock was fined $12 million by the Federal Trade Commission in March 2010 for deceptive advertising. And, in 2015, the FTC found LifeLock to be in contempt of the 2010 agreement and obtained a $100 million monetary penalty against LifeLock to settle.
Why is this important?
While using a password manager can help those who have trouble keeping track of passwords, those applications need to be fully secured using multiple layers of security, just like any other application.
What does this mean to me?
As noted above, two-factor or Multi-Factor Authentication (MFA) can provide an additional layer of protection for systems such as LifeLock, which can help block cyber criminals from getting through. To the extent that those criminals might be able to access company applications via usernames and passwords stored in LifeLock, it’s important to have an incident response plan in place to respond to incidents like the one that occurred at LifeLock. Finally, cyber security awareness training is important to ensure that affected parties are prepared for phishing attacks that could result from the personal info exposed.
APPROACHES
Helpful Controls
- Multi-Factor Authentication (MFA)
- EDR, MDR, XDR
- Cyber Security Awareness Training
Commonality of attack
High
Article on story
Norton LifeLock says thousands of customer accounts breached