Thousands of Norton LifeLock Customers Compromised in Credential Stuffing Attack

Gen Digital, the parent company of Norton LifeLock, recently revealed that thousands of its customers had their accounts compromised in a data breach. The likely culprit was a credential stuffing attack, where previously exposed or breached credentials are used to break into accounts on different sites and services that share the same passwords. In this advisory, we will discuss the threat, why it is noteworthy, the exposure or risk, and recommendations to protect yourself.

What is the Threat?

The threat is a credential stuffing attack, where attackers use previously exposed or breached credentials to break into accounts on different sites and services that share the same passwords. In this case, the attackers used login credentials they had acquired from the dark web to attempt to log in to Norton LifeLock customer accounts.
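As an added example (not part of the original advisory, and not Norton LifeLock's or Gen Digital's code), here is how a service operator might spot the pattern described above in its own login logs: one source trying many different accounts only once or twice each, with most attempts failing. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample auth log (not data from the incident): time, source IP, username, result.
SAMPLE_LOG = """\
2023-01-10T09:00:01Z 203.0.113.7 alice@example.com FAIL
2023-01-10T09:00:02Z 203.0.113.7 bob@example.com FAIL
2023-01-10T09:00:03Z 203.0.113.7 carol@example.com FAIL
2023-01-10T09:00:04Z 203.0.113.7 dave@example.com FAIL
2023-01-10T09:00:05Z 203.0.113.7 erin@example.com OK
2023-01-10T09:01:00Z 198.51.100.4 bob@example.com FAIL
2023-01-10T09:01:01Z 198.51.100.4 bob@example.com FAIL
2023-01-10T09:01:02Z 198.51.100.4 bob@example.com FAIL
2023-01-10T09:01:03Z 198.51.100.4 bob@example.com FAIL
2023-01-10T09:01:04Z 198.51.100.4 bob@example.com FAIL
2023-01-10T09:02:00Z 192.0.2.10 carol@example.com FAIL
2023-01-10T09:02:09Z 192.0.2.10 carol@example.com OK
"""

def parse(log):
    """Yield (ip, username, succeeded) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2].lower(), parts[3] == "OK"

def classify_sources(log, min_users=5, max_avg_tries=2.0, min_fail_ratio=0.5, min_guesses=5):
    """Label each source IP by the shape of its login attempts (thresholds are assumptions)."""
    tries = defaultdict(lambda: defaultdict(int))   # ip -> username -> attempts
    wins = defaultdict(set)                         # ip -> usernames that logged in
    for ip, user, ok in parse(log):
        tries[ip][user] += 1
        if ok:
            wins[ip].add(user)
    report = {}
    for ip, per_user in tries.items():
        users, total = len(per_user), sum(per_user.values())
        never_ok = users - len(wins[ip])
        if users >= min_users and total / users <= max_avg_tries and never_ok / users >= min_fail_ratio:
            # A replayed credential list; the logins that worked are reused passwords to reset.
            report[ip] = ("credential_stuffing", sorted(wins[ip]))
        elif max(per_user.values()) >= min_guesses and not wins[ip]:
            report[ip] = ("brute_force", [])   # one account hammered with many guesses
        else:
            report[ip] = ("normal", [])        # e.g. a user mistyping, then logging in
    return report

if __name__ == "__main__":
    for ip, (label, hit) in classify_sources(SAMPLE_LOG).items():
        print(ip, label, hit)
```

The accounts listed next to a `credential_stuffing` source are the ones where a reused password was accepted, so they are the first candidates for a forced password reset and customer notification.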

Why is it Noteworthy?

This attack is noteworthy because it highlights the ongoing threat of credential stuffing attacks, which can have serious consequences for individuals and organizations. Additionally, it is notable that this attack occurred despite the use of two-factor authentication, which is often recommended as a means of protecting against these types of attacks.

What is the Exposure or Risk?

The exposure or risk in this case is that the attackers were able to access customer account information, including first name, last name, phone number, and mailing address. Additionally, the company cannot rule out that the intruders also accessed customers’ saved passwords, which could potentially lead to further harm.

What are the Recommendations?

  • Use unique and strong passwords for all of your accounts.

  • Enable two-factor authentication whenever possible.

  • Avoid reusing passwords across multiple accounts.

  • Use a password manager to generate and store unique passwords.

  • Be vigilant for phishing attempts and suspicious activity on your accounts.
