The parent of Norton LifeLock, Gen Digital, has reportedly sent out notices to as many as 6,450 customers telling them that their accounts have been breached and their personal data may now be in the hands of hackers.
According to the firm, Norton’s systems were not compromised. Instead, hackers used brute force software to guess the password of a large number of customers. These attempts remained undetected for weeks.
Customers whose password was accurately guessed had their accounts breached. As a result, their personal information could have been exposed. In addition, if their Password Manager key was equal or similar to the account’s password, it is highly likely that these access credentials were also stolen.
Also read: The 14 Best Antivirus Software for 2023
“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address”, said the e-mailed statement sent to LifeLock’s customers recently.
It Took Norton Two Weeks to Take Notice of Hackers’ Activities
The breach reportedly started on 1 December and it took the company around two weeks to take notice of the high volume of failed logins. LifeLock is used by Norton’s customers, among other things, to save passwords.
The company did not rule out that these passwords were accessed by the criminals meaning that their internet profiles and the credentials they use to access social media platforms, banking apps, and other similar interfaces may have been compromised.
Password managers appear to have been targeted by cybercriminals lately as LastPass’s systems, a competitor of Norton LifeLock, were recently breached as well although customers’ passwords were reportedly safe.
LastPass uses an encryption method that stores customers’ passwords locally. These access credentials can only be decrypted by using the account’s master password. If the master password is secure enough, LastPass claimed that it would take years for brute-force software to be able to access a person’s account.
However, LastPass acknowledged that some personal data may have been accessed as the hackers gained access to one of the company’s cloud storage services.
What is Norton LifeLock?
Norton Lifelock is a leading player in the cybersecurity industry. The company owns several well-known brands including Avira and ReputationDefender. The LifeLock solution is a subscription-based service that offers an antivirus solution for numerous devices such as PCs and smartphones along with a password management tool.
Password managers are applications that allow users to store the access credentials needed for multiple websites and systems. Norton LifeLock’s subscription costs start at $19.99 per year.
In September last year, Norton LifeLock completed a merger with Avast. Combined, the two companies reportedly serve nearly half a billion customers worldwide through their many cybersecurity solutions.
Are Password Managers Safe?
A password manager helps users store their access credentials online. In many cases, the software is easily used via browser extensions or mobile apps. Most password managers automatically fill in the required username and password fields to facilitate the login process.
“This is a very secure, encrypted storage and all the major players put a lot of effort into making sure customer’s vaults are secure”, commented Marina Titova, VP of Consumer Product Marketing at Kaspersky.
Cybersecurity firms like Norton have appropriate safeguards such as firewalls and two-factor authentications (2FA) to prevent unauthorized parties to breach their systems. However, brute force attacks are an old-fashioned method that aims to guess a person’s access credentials by repeatedly testing combinations.
Customers who have had their data siphoned by hackers should change their access credentials for virtually all of their active online services including online banking, subscription-based platforms, and social media.
Other Related Articles: