Norton and its users are in turmoil. The famous publisher of security suites has just announced that thousands of accounts had been targeted by an attack by “identity stuffing”. Enough to jeopardize the associated password managers.
Norton is a reputable vendor of security suites that consistently earns accolades from benchmark labs. Like its competitors, it also offers a password manager called Norton Password Manager. It is precisely the latter that has recently been targeted by hackers. Thousands of Norton users have been targeted by a massive campaign of credential stuffing attacks.
This form of cyber-maliciousness is based on the possibility that users use the same password for several services. After intercepting leaked credentials, hackers will then use them to try to access other accounts. This technique has allowed hackers to compromise thousands of Norton accounts in recent weeks, potentially giving them access to password managers.
Norton: password managers in jeopardy
Norton LifeLock’s parent company, Gen Digital, claims to have discovered the compromises as early as December 1. That is two weeks before its systems detect a “large volume” failed logins, a sign that credential stuffing attacks were on the rise. “By accessing your account with your username and password, the unauthorized third party may have seen your first name, last name, phone number and mailing address”says the company.
Gen Digital, however, cannot exclude that the hackers also gained access to the saved passwords. The company sent notices of breach to approximately 6,450 customers whose accounts had been compromised. This new case serves to re-emphasize the importance of two-factor authentication. When the latter is activated, the hacker cannot access your account even if your password is compromised.
As a reminder, it is essential to configure strong and different passwords for each of your online accounts. Password managers are highly recommended by security professionals for generating and storing unique passwords. Managers that must also be protected by a powerful master password and by two-factor authentication.
