It’s more likely that the crooks’ main target was the information stored in the Norton Password Manager feature. However, this would be a long-winded and time-consuming attack method, particularly given the ease with which attackers can infect people without having to compromise their security tools. In theory, they could adjust users’ settings to disable anti-malware warnings, then launch phishing campaigns designed to infect victims’ devices. It’s unclear exactly what the cyber criminals’ motivation was for this attack, and therefore we don’t know what they planned to do with the compromised NortonLifeLock accounts. If one account is compromised, attackers can use the information elsewhere. The technique works because many people reuse their login credentials on multiple sites. The organisation detected “an unusually large volume” of failed login attempts on 12 December 2022, indicating that users were being targeted in credential-stuffing attacks.Ĭredential stuffing refers to the practice of using lists of previously exposed usernames and passwords to access other sites. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account,” NortonLifeLock said. Rather, a cyber criminal used credentials that they had purchased from the dark web in an attempt to log in to Norton customer accounts. In a letter shared with the Office of the Vermont Attorney General, Gen Digital stated that the attack didn’t result from a breach of its own IT environment. However, it’s unclear what damage the cyber criminals were able to inflict before the vulnerability was closed. Gen Digital, the parent company behind NortonLifeLock, confirmed that the breach began on 1 December 2022 and that all affected accounts have since between secured. The attackers might also have had access to Norton Password Manager users’ private vault data, which contains stored passwords for other online accounts. The company, which specialises in antivirus software and identity theft protection, said that 925,000 people were targeted in a credential-stuffing attack.Ĭustomers’ full names, phone numbers and mailing addresses are thought to have been exposed in the incident. NortonLifeLock customers have been warned that their accounts may have been compromised in a security breach.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |