Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential stuffing attacks.
According to a sample letter shared with the Vermont Attorney General’s office, the attacks did not result from a breach of the company's systems but from account compromises on other platforms.
“Our own systems were not compromised. However, we strongly believe that an unauthorized third party knew and used your username and password for your account,” NortonLifeLock said.
“This username and password combination may also be known to other people.”
Specifically, the advisory explains that around December 1, 2022, an attacker used username and password pairs purchased on the dark web to attempt to log in to Norton customer accounts.
The company detected “an unusually high volume” of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try credentials en masse.
By December 22, 2022, the company had completed its internal investigation, which revealed that credential stuffing attacks had successfully compromised an undisclosed number of customer accounts.
“By accessing your account with your username and password, the unauthorized third party may have seen your first name, last name, phone number and mailing address,” NortonLifeLock said.
For customers using the Norton Password Manager feature, the advisory warns that attackers may have obtained details stored in private vaults.
Depending on what users store in their accounts, this could lead to compromise of other online accounts, loss of digital assets, exposure of secrets, and more.
NortonLifeLock stresses that the risk is particularly significant for those who use similar passwords for their Norton account and their password manager master key, since this allows attackers to pivot more easily.
The company says it has reset Norton passwords on affected accounts to prevent attackers from accessing them again in the future and has also implemented additional measures to thwart malicious attempts.
NortonLifeLock also advises customers to enable two-factor authentication to protect their accounts and accept the offer of a credit monitoring service.
The company has not yet revealed the exact number of people affected by this incident. BleepingComputer has contacted NortonLifeLock, and we’ll update this post as soon as we hear back.