NortonLifeLock - Gen Digital posted a breach notice to inform customers that hackers successfully infiltrated Norton Password Manager accounts. They clarified that the breach hasn't affected the company system, but was directed at user accounts.

User Account Breach

According to the letter shared with the Office of the Vermont Attorney General, the cyber attack was done by an unauthorized third party through credential stuffing. The hacker may have used a customer's own username and password to access their account.

As early as December 1st of 2022, the attacker attempted to match usernames and passwords that they have acquired from the dark web in order to get into the Norton accounts. Bleeping Computer says that the hackers tried to use the credentials in bulk.

This has resulted in a large number of login attempts, which the company detected on December 12th of 2022. The company launched an internal investigation which was completed ten days after the detection.

The review of their systems indicated that the attacks successfully breached a number of customer accounts. The company warned that by accessing the accounts, the hackers may have viewed customer names, phone numbers, and mailing addresses.

Norton also warned that they cannot rule out the possibility of the hackers obtaining details stored in the Norton Password Manager, which is likely if the user uses a similar or identical Password Manager key.

The threat actors may share the data obtained through the breach and share them with other unauthorized third parties. There's also the danger of them using passwords and email combinations to access other online accounts.

Read Also: How To Protect Your Passwords From Hackers

What's Being Done About the Issue

The firm claims to have quickly reset the affected customers' Norton password to prevent future attempts to access the accounts. They also took other measures to counter the efforts of third parties to validate credentials and access accounts.

Although Norton has intrusion detection systems that warn them of possible unauthorized account access, customers are still advised to use the company's two-factor authentication feature for an extra layer of security.

Norton recommended that customer change their passwords with Norton accounts and other as well wherein the same password was used. They also recommended changing passwords from time to time and using complex ones.

It's best for customers to review their account statements and monitor them for any suspicious activities. If there are irregularities detected, the customer should immediately alert the company that is maintaining the account.

There's also the potential for incidents of fraud or identity theft. Once hos occurs, customers should report it to the proper authorities, their state attorney general, the FTC, or file a police report, as suggested through the notice.

Other steps can be taken like users placing a fraud alert on their credit reports to identify possible fraudulent activities within their accounts. As a last resort, users can also issue a security freeze, wherein new credit will be prevented from being opened.

Related: Norton Research: Risky Habits of Gamers Exposed, Cyberattacks on Players Rampant