Gen Digital, formerly Symantec Corporation and NortonLifeLock, has warned its customers that hackers attempted to break into Norton accounts, and possibly password managers, using a third-party list of stolen username and password combinations.
In a data breach notification the company said that its systems were not hacked, and that the breach was a result of account compromise on other platforms.
The breach was detected on December 12, 2022, when the company’s intrusion detection systems flagged “an unusually high number of failed logins” on Norton accounts. An internal investigation that ran until December 22 found that the attacks started from December 1, and that a number of accounts were successfully compromised. More specifically, the attackers performed a credential stuffing attack where they used credentials bought from the dark web to attempt to log into customers’ accounts.
“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address,” the company said, without revealing the number of affected accounts.
“We cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password,” it added.
Norton said it promptly reset all user passwords once it became aware of the breach, and urged customers to change all account passwords stored inside the password manager and to incorporate multi-factor authentication on their Norton accounts.
Last August, password management software firm LastPass, a company behind a widely used password management tool, disclosed a security incident, which resulted in the theft of source code and proprietary technical information.