If you’re a customer of Norton LifeLock, you may want to reset your password.
As reported by TechCrunch, Gen Digital, the parent company of Norton LifeLock, thousands of customers have had their accounts breached, potentially giving hackers access to password managers. According to the company, the breach was caused by a “credential stuffing attack” rather than a direct hack of its systems.
In a notice to customers, Gen Digital, the parent company of Norton LifeLock, said that the likely culprit was a credential stuffing attack — where previously exposed or breached credentials are used to break into accounts on different sites and services that share the same passwords — rather than a compromise of its systems. It’s why two-factor authentication, which Norton LifeLock offers, is recommended, as it blocks attackers from accessing someone’s account with just their password.
Norton LifeLock said that the breach occurred as far back as December 1, 2022. The company said that its systems detected a “large volume” of failed logins to customer accounts on December 12, prompting an investigation and discovery of the attack.
“In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address,” the data breach notice said. The notice was sent to customers that it believes use its password manager feature, because the company cannot rule out that the intruders also accessed customers’ saved passwords.
According to the company, around 6,450 customer accounts were compromised during the attack. While that isn’t on the scale as some other attacks, it does point out a glaring issue that is common amongst many unsuspecting consumers.
If you’re using any similar emails and passwords across accounts, now is another reminder to reset those passwords to something unique and also enable two-factor authentication. That’s one of the best ways to avoid compromises like this.