Credential Stuffing Attack Hits NortonLifeLock
Table of Contents
- By Steven
- Jan 16, 2023
Credential stuffing attacks are more common than one might think. This type of attack occurs when a hacker or other form of criminal finds personal credentials, usually log-in and account information, and uses that information to attempt to access your other accounts. Often, attackers attempt this as a way to access credit card information and the like, as buying someone's Spotify password and going into their Publix account to steal their credit card information would be simple.
How Did the Attack Occur?
On December 1st, 2022, Norton received an atypical amount of failed log-in attempts. This is usually caused by credential stuffing attacks because let's face it; the chances of 20,000+ people forgetting their passwords at exactly the same moment are incredibly slim. An investigation immediately began, with investigators quickly finding that a hacker had bought peoples' credentials off the dark web. The stolen credentials weren't from Norton's website, though the hacker attempted to use the details to try to force their way into NortonLifeLock's website.
What Information Was Viewed or Stolen?
A notification sent to the Vermont Attorney General's Office read, "In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address." It also stated that it is unclear how many individuals have access to the stolen credentials, as it is unknown how many people may have bought it from the dark web. There is concern that the hackers used accurate credentials, though the only apparent victims of such are users of LifeLock's password managing feature.
How Did Norton Admit to the Breach?
Norton admitted to the breach by sending notifications to both the Vermont State Attorney General's Office and the individuals affected. "Our top priority is to help our customers secure their digital lives," a Norton spokesperson stated to BleepingComputer.
What Will Become of the Stolen Information?
There is a large range of possible effects after a breach of this magnitude. The kinds of passwords people keep locked in Norton's password vaults and managers are usually very sensitive, and their leakage could have detrimental effects on the victims. Doctors' offices, bank accounts, and social media profiles can all have devastating effects on anyone involved, and many people have the log-ins for these saved in their computers. While a social media account may not seem as important as a bank account, you have to remember that employers watch social media now, and having an unauthorized individual make out-of-pocket comments could get people fired.
What Should Affected Parties Do in the Aftermath of the Breach?
After a breach this sensitive (or any breach, for that matter), you should take as many steps as possible to protect yourself and your loved ones. If you were involved in this breach, your information is already on the dark web. It's still worth taking the steps necessary to protect yourself and the people you care for.