January 16, 2023

Customers of Norton LifeLock were victims of a credential-stuffing attack after cyberattackers broke into Norton accounts and password managers using a third-party list of stolen username and password combinations.

Gen Digital, Norton LifeLock’s parent company, stated in a customer notice that the likely source was a credential stuffing attack, in which previously exposed or breached credentials are used to break into accounts on different sites and services that share the same passwords, rather than a compromise of its systems. As a result, two-factor authentication, as provided by Norton LifeLock, is recommended, as it prevents attackers from accessing someone’s account using only their password.

“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address,” the data breach notice said.

According to a letter sample shared with the Office of the Vermont Attorney General, the attacks were the result of account compromise on other platforms rather than a breach on the company. According to the notice, an attacker attempted to log in to Norton customer accounts around December 1, 2022, using username and password pairs purchased from the dark web.

While Gen Digital did not specify how many accounts were compromised, it did warn customers that the attackers were able to obtain names, phone numbers, and mailing addresses from any successful Norton accounts.

The sources for this piece include an article in TechCrunch.