Cybersecurity Threat Advisory: NortonLifeLock compromised
Recently, thousands of NortonLifeLock customers had their accounts compromised, potentially allowing malicious actors to access user password managers. Gen Digital, NortonLifeLock’s parent company, has sent notices to over 6,000 customers whose accounts were compromised.
What is the threat?
According to a recent data breach notice shared with the Office of the Vermont Attorney General, the attacks did not stem from a breach at Norton but from credentials compromised on external platforms.
“Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account,” NortonLifeLock said.
On December 12, 2022, Norton detected an “unusually large volume” of failed login attempts to customer accounts, indicating a credential stuffing attack. The company began its investigation and discovered that around December 1, 2022, an “unauthorized third party” used a list of usernames and passwords obtained from another source, such as the dark web. By December 22, the company had completed its investigation and revealed that the attacks successfully compromised customer accounts. The total number of breached accounts has not been disclosed at this time.
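The signal described above, a spike in failed logins, can be checked per source and split into credential stuffing (many accounts, about one try each) versus brute force (many tries against one account). The following is an added example, not code from Norton or Barracuda; the log format, function names, addresses and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed sample log: (epoch_seconds, source_ip, username, success)."""
    events = []
    # One source trying a different leaked username/password pair each time.
    for i in range(12):
        events.append((1000 + i * 5, "203.0.113.7", f"user{i:02d}", i == 4))
    # One source guessing many passwords for a single account.
    for i in range(10):
        events.append((1000 + i * 3, "198.51.100.9", "alice", False))
    # Ordinary user: one typo, then a successful login.
    events.append((1010, "192.0.2.44", "bob", False))
    events.append((1020, "192.0.2.44", "bob", True))
    return events

def detect(events, window=300, min_failures=8, spread=0.7):
    """Classify each source IP by its failed-login pattern within fixed windows.

    Thresholds are illustrative assumptions, not values from the advisory.
    Returns {ip: {"pattern": str, "accounts_to_reset": sorted list}}.
    """
    failures = defaultdict(list)   # (ip, window index) -> usernames that failed
    successes = defaultdict(set)   # (ip, window index) -> usernames that logged in
    for ts, ip, user, ok in events:
        key = (ip, ts // window)
        if ok:
            successes[key].add(user)
        else:
            failures[key].append(user)

    findings = {}
    for key, users in failures.items():
        if len(users) < min_failures:
            continue  # below the volume threshold: ordinary typo noise
        ratio = len(set(users)) / len(users)  # distinct accounts per failure
        pattern = "credential_stuffing" if ratio >= spread else "brute_force"
        entry = findings.setdefault(
            key[0], {"pattern": pattern, "accounts_to_reset": set()})
        # A success from a flagged source means a tried credential was valid.
        entry["accounts_to_reset"] |= successes.get(key, set())
    return {ip: {"pattern": f["pattern"],
                 "accounts_to_reset": sorted(f["accounts_to_reset"])}
            for ip, f in findings.items()}

if __name__ == "__main__":
    for ip, finding in detect(build_sample_events()).items():
        print(ip, finding)
```

Grouping by source IP alone misses attempts spread across many addresses, so the same counts should also be tracked for the login endpoint as a whole.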
Why is it noteworthy?
NortonLifeLock provides protection against identity theft and various cybersecurity services worldwide. Incidents involving customer password theft have become more of a concern in recent years. Earlier in 2022, LastPass announced a data breach in which attackers stole millions of encrypted password vaults.
What is the exposure or risk?
Norton has disclosed that customers’ personal information, including first and last name, phone number, and mailing address, may have been viewed by the unauthorized third party. Additionally, the company stated they “cannot rule out” that the attackers accessed information stored in the Norton Password Manager, for those utilizing the feature. If the password manager was compromised, threat actors could leverage that information to gain access to accounts on other platforms.
What are the recommendations?
Barracuda MSP recommends the following actions to help prevent unauthorized access to your accounts:
- Maintain strong password habits:
  - Passwords should be at least 12 characters long, using a combination of upper/lowercase letters, numbers, and special characters.
  - Passwords should never be shared with anyone nor written down.
  - Do NOT use the same password for more than one account.
- Despite recent incidents, password managers remain the best way to protect your accounts. Consider utilizing a password manager to minimize the risk of re-used or weak passwords.
- Gain visibility into your customers’ environments. Leverage Barracuda XDR with our 24x7x365 Security Operations Center (SOC) for proactive monitoring and detection for indicators of credential stuffing and brute force attacks on your environment.
- For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.