On January 9, 2023, NortonLifeLock alerted users of concerns about their personal information and urged customers to change their master passwords. The security company stated that it had detected malicious activities in which an unauthorized party may have obtained users' credentials, such as their email addresses and passwords, from the company's password manager.
The company states that the attacks were the consequence of credential stuffing attacks on other platforms, not a breach of the corporation.
According to the company, on December 1, 2022, an unauthorized third party attempted to gain access to Norton accounts by utilizing login credentials obtained from the Dark Web. This same instance was linked to December 12, 2022, in which the company stated that they "detected a substantial volume of failed login attempts to customer accounts."
The company's system was not breached. However, users' personal information is at risk of being accessed by unauthorized parties, especially for those who utilize Norton's password manager.
What information was exposed to the Dark Web?
Norton states that the unauthorized party may have information that includes but is not limited to:
- First and last names
- Phone numbers
- Email address
More specifically, the con artists can take this information and make it available to other sources as well as use these credentials to enter into users' online accounts.
What steps has Norton taken to fix this issue?
- Reset all users' credentials
- Implemented further safeguards to prevent malicious attempts.
- Advised users to utilize their multi-factor authentication
- Deployed a credit monitoring application
Are there any recent updates?
On January 14, 2023, Bleeping Computer states that a Norton representative gave an update on the issue, saying, "We have been monitoring closely, flagging accounts with suspicious login attempts and proactively requiring those customers to reset their passwords upon login along with additional security measures to protect our customers. We continue to work with our customers to help them secure their accounts and personal information".
The Infiniwiz technical team in the Chicagoland area takes a proactive approach to your cybersecurity. We set up the proper IT protocols and help you implement the employee procedures to keep your data and network safe from online hackers. However, make sure to do your part in staying alert. If you have any more questions, feel free to contact us!