Hackers steal over 6,000 customers’ account information and access their password managers, as reported by Norton LifeLock officials.
Gen Digital, the parent company, issued a notice to its customers about this incident; they claimed it happened using the previously exposed or breached credentials. A “credential stuffing attack” likely happened on different websites or services that share the same passwords. Norton LifeLock already recommends two-factor authentication that helps block hackers from accessing the customer’s account by giving only the password.
It begins on December 1, exactly 12 days when the company receives many “Customer login Failed” requests. According to the data breach notice, when a customer accesses his account with his username and password, the uncertified third party catches his first name, last name, phone number, and mailing address. After that, the customer receives a notice to use their password manager feature, which the company never rejects. Gen Digital claimed that they sent these notices to about 6450 customers whose accounts were compromised.
Norton LifeLock provides services like identity protection and cybersecurity. This is the newest theft event, including the leakage of customer passwords. Several incidents like this happened in recent years, including LastPass, a famous password manager company that confirms data breaches in which hackers steal cloud storage and millions of customers’ vault passwords. In the second incident, Passwordstate, another famous enterprise, revealed that the hackers insisted the customer for tainted software updates and stole their passwords.
The security giants still recommend the “Password Manager” for generating and storing unique passwords for customers’ confidential data. Furthermore, password manager companies still need strong preventive measures to avoid this type of incident in the future.