Norton Believes Credential Stuffing Attack Led to LifeLock Breach

A credential stuffing attack is the likely culprit behind the recent breach of Norton LifeLock that impacted thousands of Norton Password Manager customers.

Gen Digital, the parent company of Norton LifeLock, notified customers, including nearly 6,500 Norton Password Manager customers, that private information including full names, addresses and phone numbers may have been exposed to an unauthorized third party as part of the breach.

According to their official statement to the Office of the Vermont Attorney General, Norton LifeLock believes the attack resulted from a third-party attack rather than a direct breach of their systems.

"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account… this username and password combination may potentially also be known to others,” Norton LifeLock said.

Norton also warns Norton Password Manager customers that the attack may have also exposed details stored in the platform’s private vault feature – meaning whatever sensitive information users stored there may have been breached.

“…we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password.”

Impacted accounts have had their passwords automatically reset and should have received a notification by now regarding the breach, along with a credit monitoring offer and information on next steps.

Based on an internal investigation sparked by a large volume of failed login attempts in mid-December, Norton LifeLock believes that a third-party used a cyberattack method called credential stuffing to breach their systems.

How Does Credential Stuffing Work?

 

Credential stuffing is a commonly used cyberattack that relies on people reusing usernames and passwords on several accounts.

The typical credential stuffing attack starts with threat actors obtaining a list of usernames and passwords from previous data breaches through the dark web or hacker forums.

After obtaining the list, the threat actor uses bots to automate large scale attacks against other websites in hopes of accessing other accounts protected by the same username and password.

Credential stuffing may sound similar to brute force attacks but are quite different, since brute force attacks try to guess credentials from scratch. Without a starting point, such attacks have a much lower success rate.

How Can Organizations Protect Against Credential Stuffing Attacks?

 

There are several ways to avoid being a victim of credential stuffing attacks or, at the very least, minimize the impact if you are part of a breach like the one impacting Norton LifeLock.

Enable Multi-factor Authentication (MFA)

MFA provides an additional layer of security by requiring a secondary action to access an account. These actions can include confirming a code via text, a phone call, biometrics or apps such as DUO. By enabling MFA, users can still protect themselves even if their username and passwords are in the wild.

Pay Attention to Breach Notifications

If you receive a legitimate notification (breach notifications are a popular phishing email theme) that an account is part of a breach, be sure to actually read the communication to understand what information was breached, the timeline and available options which, in many cases, include credit report monitoring services.

Most importantly, act fast to change other accounts that use the same credentials as the breached account.

Use Different Usernames and Passwords

The first step is simply using different usernames and passwords for online accounts. With the plethora of online accounts people have, this may sound daunting, but is an important step in protecting your private information.

While you may shrug off the idea of somebody having your Netflix username and password, you won’t be so calm if the same information can be used to access your banking or retirement accounts… or your password manager.

Utilize a Password Manager

Yes, there is irony in suggesting a password manager in an article based on the Norton Password Manager breach. Despite the breach, password managers still offer many advantages including the ability to protect your accounts with several complex passwords without the need to remember each individual one.

Just make sure your master password differs from other accounts – in this instance, the Norton customers at greatest risk were ones who used the same password for their LifeLock and Password Manager.

If you have any questions about how to strengthen your password policies, or if you’re concerned your organization’s credentials aren’t the most secure, feel free to contact our team.

Related Resources

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of expert practitioners offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected]

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.

 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
SEC Charges SolarWinds and CISO Timothy Brown For Misleading Investors
Think Before You Click: Fake Browser Updates are Back in Style
Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
Protect Your Students, Faculty and Staff: 3 Common Cyber Attack Methods to Watch Out for in 2023
Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023
Cybersecurity in the Construction Industry
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×