Norton LifeLock Warns on Password Manager Account Compromises

Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse.

Fingerprint symbol digital abstract authentication identity
Source: Skorzewiak via Alamy Stock Photo

Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts, and possibly password managers, the company is warning.

Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on the activity on Dec. 12, when its IDS systems flagged "an unusually high number of failed logins" on Norton accounts. After a 10-day investigation, it turns out that the activity stretched back to Dec. 1, the company said.

While Gen Digital didn't say how many of the accounts were compromised, it did caution customers that the attackers were able to access names, phone numbers, and mailing addresses from any Norton accounts where they were successful.

And it added, "we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password." 

Those "details," of course, are the strong passwords generated for any online services the victim uses, including corporate logins, online banking, tax filing, messaging apps, e-commerce sites, and more.

Password Reuse Subverts Password Management

In credential-stuffing attacks, threat actors use a list of logins obtained from another source — buying cracked account info on the Dark Web, for instance — to try against new accounts, hoping that users have reused their email addresses and passwords across multiple services.

As such, the irony of the Norton incident is not lost on Roger Grimes, data-driven defense evangelist at KnowBe4.

"If I understand the reported facts, the irony is that the victimized users would have probably been protected if they had used their involved password manager to create strong passwords on their Norton logon account," he said via email. "Password managers create strong, perfectly random passwords that are essentially unguessable and uncrackable. The attack here seems to be that users self-created and used weak passwords to protect their Norton logon account that also protected their Norton password manager."

Attackers lately have focused identity and access management systems as a target, given that one compromise can unlock a veritable treasure trove of data across high-value accounts for attackers, not to mention a bevy of enterprise pivot points for moving deeper into networks.

LastPass, for instance, was targeted in August 2022 via an impersonation attack, in which cyberattackers were able to breach its development environment to make off with source code and customer data. Last month, the company suffered a follow-on attack on a cloud storage bucket that it uses.

And last March, Okta revealed that cyberattackers had used a third-party customer support engineer's system to gain access to an Okta back-end administrative panel for managing customers — among other things. About 366 customers were impacted, with two actual data breaches occurring.

About the Author(s)

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights