16 January 2023

Norton Password Manager accounts targeted in credential-stuffing attack


Norton Password Manager accounts targeted in credential-stuffing attack

Gen Digital, formerly Symantec Corporation and NortonLifeLock, has warned its customers that hackers attempted to break into Norton accounts, and possibly password managers, using a third-party list of stolen username and password combinations.

In a data breach notification the company said that its systems were not hacked, and that the breach was a result of account compromise on other platforms.

The breach was detected on December 12, 2022, when the company’s intrusion detection systems flagged “an unusually high number of failed logins” on Norton accounts. An internal investigation that ran until December 22 found that the attacks started from December 1, and that a number of accounts were successfully compromised. More specifically, the attackers performed a credential stuffing attack where they used credentials bought from the dark web to attempt to log into customers’ accounts.

“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address,” the company said, without revealing the number of affected accounts.

“We cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password,” it added.

Norton said it promptly reset all user passwords once it became aware of the breach, and urged customers to change all account passwords stored inside the password manager and to incorporate multi-factor authentication on their Norton accounts.

Last August, password management software firm LastPass, a company behind a widely used password management tool, disclosed a security incident, which resulted in the theft of source code and proprietary technical information.

Back to the list

Latest Posts

Russia-linked Nodaria APT adds new Graphiron infostealer to its toolkit

Russia-linked Nodaria APT adds new Graphiron infostealer to its toolkit

The new infostealer was observed in attacks targeting Ukrainian organizations.
8 February 2023
CISA releases tool to recover encrypted VMware ESXi servers

CISA releases tool to recover encrypted VMware ESXi servers

According to CISA’s list of bitcoin addresses, over 2,800 ESXi servers have been encrypted to date.
8 February 2023
Threat actors target Ukrainian government agencies with Remcos spyware

Threat actors target Ukrainian government agencies with Remcos spyware

The attack involves a phishing email ostensibly sent by Ukrtelecom, a major Ukrainian internet service provider.
8 February 2023