Hackers Target Active, Inactive Norton LifeLock Accounts
Over 900,000 active and inactive Norton LifeLock accounts have been targeted by credential stuffing attacks.
Gen Digital, which owns Norton LifeLock, sent us the following statement:
“Gen’s family of brands offers products and services to approximately 500 million users. We have secured 925,000 inactive and active accounts that may have been targeted by credential-stuffing attacks. Our top priority is to help our customers secure their digital lives. Our security team identified a high number of Norton account login attempts indicating credential-stuffing attacks targeting our customers. And we quickly took a variety of actions to help secure our customers’ accounts and their personal information. Systems have not been compromised, and they are safe and operational. But as is all too commonplace in today’s world, bad actors may take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts.”
Gen Digital said it’s been monitoring closely, flagging accounts with suspicious login attempts and requiring those customers to reset their passwords upon login along with additional security measures to protect customers. It continues to work with customers to help them secure their accounts and personal information.
“We strongly encourage our customers to use good password hygiene – strong, complex passwords unique to each account – and use 2FA to help protect against these types of attacks,” it said. “And we have put additional security protocols and technology in place to help defend against these types of attacks.”
Timothy Morris is Tanium‘s chief security advisor.
“While nothing new, credential stuffing is growing in popularity due to the enormous amount of compromised credential lists (user ID/email and password pairs) increasingly available to criminals in illicit forums,” he said. “This sensitive information dramatically simplifies a hacker’s ability to automate their attack and simultaneously attempt millions of log-ons per second. Due to this sustained volume of assault, they inevitably find vulnerabilities and steal personal data on a mass scale.”
Darren Guccione is Keeper Security‘s CEO and co-founder.
“Our research shows the average U.S. business experiences 42 cyberattacks per year, with three of them successful,” he said. “While the impact to business operations and financial losses may be the most tangible examples of the damage that these attacks cause, the reputational impacts can be equally devastating. These attacks show no signs of slowing down, as 78% of IT professionals only expect this onslaught to intensify.”
Password managers protect an individual or organization’s most sensitive accounts and information, Guccione said.
“It is essential that the public understand over 80% of data breaches are due to weak or stolen passwords, credentials and secrets,” he said.
