Norton LifeLock confirms that thousands of accounts for its services have been hacked

Gen Digital, the parent company that was Former Consumer division of SymantecAnd Norton Live Lookhas confirmed it Thousands of user accounts for its services have been hacked, potentially giving attackers access to the password managers of your customers who use this feature. It is therefore imperative that all Norton LifeLock users change their account access passwords as soon as possible.

Apparently, the security breach that caused third party access to the accounts was an attack through credentials, not a direct hack into the service’s systems. As they indicated in Techcrunchin the notice sent by Gen Digital to affected customers, the attack was caused by an attack through credentials, using some that were exposed in a previous attack on other services, or on the system itself, which are later used to access other services through accounts that You share the same password.

The security breach occurred on December 1, 2022, and several days later, on December 12, the company’s systems detected a large number of failed logins trying to access service accounts. Seeing what happened, they opened an investigation and discovered the attack.

Those who accessed the accounts, yes, were able to see the various personal data of their owners. This includes your full name, phone number, and email address. Of course, the company cannot rule out that the attackers gained access to the Norton LifeLock password management function and, accordingly, the passwords stored in it.

it seems, About 6,450 Norton LifeLock customer accounts have been compromised during the attack. Therefore, it is not a widespread attack like the others, but it does reveal a fairly common problem among users and consumers who do not suspect that their accounts may be compromised. If you use similar emails and passwords in different user accounts, you are more likely to experience a security breach. For this reason, they at Gen Digital recommend using a unique password for each service, and activating two- or more-step verification when possible.

Photo: Tony Webster