Norton LifeLock, a very well-known provider of identity protection and cybersecurity services, recently revealed in an announcement that thousands of its customers had their accounts compromised.
The parent company of Norton LifeLock, Gen Digital, states that the likely cause of the hack was a "credential stuffing" attack, which is when previously exposed or breached credentials of accounts are used to break into other accounts on different sites and services that have the same passwords. The company notes that it detected a "large volume" of failed logins to customer accounts on December 12, which led them to discover that the intruders had compromised accounts dating back to December 1.
The company sent notices to about 6,450 Norton customers whose accounts were affected by the breach. In the data breach notice, Gen Digital states that the unauthorized third party may have viewed customers' first names, last names, phone numbers, and mailing addresses. The company also said that it could not rule out that the intruders also accessed some customers' saved passwords.
It is important to note that this is not the first time that a password manager has been targeted by hackers. As reports state that earlier this year, password manager giant LastPass confirmed a data breach in which intruders hacked into its cloud storage and stole millions of customers' encrypted passwords. Furthermore, in 2021 the company behind Passwordstate was hacked and forced to push out a software update that enabled cybercriminals to steal the passwords of thousands of customers.
While the aforementioned incidents of password managers 'going wrong' they are still highly recommended by security professionals as password managers generate strong, unique passwords increasing the level of account security. However, security professionals recommend that users take the right precautions that mitigate the fallout of a hack when a password manager is breached. This would include using different passwords for different accounts, making sure two-factor authentication (2FA) is in use where it can be, and regularly changing your passwords.
In other news, hackers have targeted US public airports with ransomware attacks, leading to officials responding with increased cybersecurity efforts. The attacks have caused disruptions and cancellations, leading to financial losses for the airports. The FBI and other government agencies are investigating the attacks and advising airports to improve their security measures. For more information on that story, check it out below!