Norton LifeLock, the U.S.-based cyber security firm owned by Gen Digital, has reportedly published a data breach notice revealing that thousands of its users had their accounts hacked over recent weeks, potentially giving criminal intruders access to user password managers.
In its notice to clients, Gen Digital stated that a credential stuffing attack was more likely to blame than a compromise of its own systems. In this type of attack, credentials that have already been compromised or exposed elsewhere are used to access accounts on other websites and services where the user has reused the same password. This is why two-factor authentication, which Norton LifeLock provides, is advised: it prevents attackers from accessing a user's account with the password alone.
The firm said it discovered that the accounts had been compromised as early as December 1, around two weeks before its systems detected a "high volume" of unsuccessful login attempts to client accounts on December 12.
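The pattern described above, one source trying many different accounts with mostly failed logins, can be picked out of authentication logs. The following Python is an added example, not Gen Digital's detection logic; the event format, thresholds, addresses and usernames are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, outcome).
# IPs come from documentation ranges; usernames are made up.
def _build_sample():
    t0 = datetime(2022, 12, 12, 9, 0, 0)
    events = []
    # One source trying a single password against many distinct accounts.
    for i in range(40):
        outcome = "success" if i in (7, 23) else "failure"
        events.append((t0 + timedelta(seconds=3 * i), "203.0.113.10", f"user{i:02d}", outcome))
    # A legitimate user who mistypes a password twice, then gets in.
    events += [
        (t0 + timedelta(seconds=5), "198.51.100.7", "alice", "failure"),
        (t0 + timedelta(seconds=20), "198.51.100.7", "alice", "failure"),
        (t0 + timedelta(seconds=40), "198.51.100.7", "alice", "success"),
    ]
    return sorted(events)

SAMPLE_EVENTS = _build_sample()

def detect_stuffing(events, window=timedelta(minutes=10), min_users=20, min_fail_ratio=0.8):
    """Return {source_ip: accounts it logged in to} for sources that look like stuffing."""
    by_source = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_source[ip].append((ts, user, outcome))

    flagged = {}
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            failures = sum(1 for _, _, o in span if o == "failure")
            if len(users) >= min_users and failures / len(span) >= min_fail_ratio:
                # Any success from a flagged source is a likely account takeover.
                flagged[ip] = sorted({u for _, u, o in rows if o == "success"})
                break
    return flagged

if __name__ == "__main__":
    for ip, taken_over in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, "-> accounts to reset and review:", taken_over)
```

Attackers often spread attempts across many source addresses, so per-source counting like this is normally paired with a site-wide baseline of failed logins.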
The data breach report stated that by logging into the account using a username and password, the unauthorized third party may have seen details including first name, last name, mailing address, and phone number. The company sent the notification to clients it believes use its password manager tool as it cannot completely rule out the possibility that the intruders also gained access to the users' saved passwords.
According to sources, Gen Digital stated that it notified approximately 6,450 clients whose accounts had been compromised.
It is the latest incident involving the theft of consumer credentials. LastPass, a leading provider of password managers, acknowledged a data breach earlier this year during which hackers gained access to its cloud storage and stole the encrypted password vaults of millions of users.
Passwordstate, a well-known enterprise password manager, was hacked in 2021, allowing the attackers to push a malicious software update to users and obtain their passwords.
That said, security specialists still frequently recommend password managers for generating and storing unique passwords, so long as the right measures and protections are in place to limit the impact of a compromise.