Over 6,000 Norton LifeLock customers’ accounts were compromised as a result of a data breach affecting cyber-security services provider.
According to TechCrunch, the data breach may have given hackers access to their password managers.
The parent company of Norton LifeLock, Gen Digital, stated in a message to customers that a credential stuffing attack was probably what caused the data leak.
A cyberattack method known as “credential stuffing” allows attackers to break into a system by using lists of compromised user credentials.
The company claims that accounts were hacked as early as December 1st.
“In accessing your account with your username and password, the unauthorised third party may have viewed your first name, last name, phone number, and mailing address,” read the data breach message.
A total of roughly 6,450 consumers whose accounts were affected received data breach warnings from Gen Digital.
It is one of the most recent hacking attempts on consumer passwords.
LastPass, an encrypted password manager, said last month that hackers were able to “copy a backup of user vault data” in a recent data breach.
Passwords are encrypted and are kept online by LastPass, a freemium password manager.
Per a statement from the company, the threat actor “was also able to copy a backup of customer vault data from the encrypted storage container, which is stored in a proprietary binary format and contains both unencrypted data, such as website URLs, and fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data.”
It suggests that the threat actor may attempt to use brute force to “guess your master password and decrypt the copies of vault data they took”.
LastPass CEO Karim Toubba admitted that the company’s systems were breached twice in 2022.