Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks

Nearly one million active and inactive Norton LifeLock accounts have been targeted by credential stuffing attacks, according to a statement from the cybersecurity product’s parent company.

Gen Digital – which owns Norton LifeLock and several other consumer cybersecurity brands – told The Record that 925,000 inactive and active accounts were locked down after their security team identified a high number of Norton account login attempts. The incident centered around Norton Password Manager users. 

“Systems have not been compromised, and they are safe and operational, but as is all too commonplace in today’s world for bad actors to take credentials found elsewhere, like the Dark Web, and create automated attacks to gain access to other unrelated accounts,” a spokesperson said. 

“We have been monitoring closely, flagging accounts with suspicious login attempts and proactively requiring those customers to reset their passwords upon login along with additional security measures to protect our customers. We continue to work with our customers to help them secure their accounts and personal information.”

The spokesperson said they “took a variety of actions” to secure user accounts and personal information but would not elaborate. 

The company shared similar information in breach notification letters sent to about 6,500 customers, according to TechCrunch. A sample sent to the Office of the Vermont Attorney General warned customers that hackers accessed names, phone numbers and mailing addresses after using username and password pairs obtained from the dark web.

The attack started on December 1, the company said, with a large number of failed login attempts on December 12. The company finished its investigation by December 22 and determined that the credential stuffing attacks had been successful for thousands of accounts. 

Password managers and account access tools have been a ripe target for hackers in recent years, with both LastPass and Okta facing breaches. 

KnowBe4’s Roger Grimes noted that the irony of the situation is that if the victimized users deployed their password manager to create strong passwords on their Norton login account, they may have been protected. 

“The attack here seems to be that users self-created and used weak passwords to protect their Norton logon account that also protected their Norton password manager. The hackers were able to successfully guess at those weak passwords and access the user's Norton account and password manager,” he said. 

"People should still use password managers. The primary risks that password managers mitigate, which is users re-using weak passwords across multiple, unrelated sites, is usually far greater than a password manager getting compromised.”

Benjamin Fabre, CEO at DataDome, noted that studies have shown that more than 80% of people reuse passwords for multiple accounts, allowing hackers with access to lists of leaked credentials to repeatedly test out username and password combinations. 

Fabre noted that there is now software available to hackers that costs as little as $500 and allows them to test out email and password combo lists. 

“Today’s automated credential cracking and credential stuffing tools are designed to check hundreds of thousands of credential combinations against multiple websites,” Fabre said. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.