TechCrunch reports that data breach may have allowed hackers to access Norton LifeLock customers’ password managers. Gen Digital, the parent company of Norton LifeLock, said in a notice that the data breach happened likely due to a credential stuffing attack.
Credential stuffing is a type of cyberattack in which hackers use lists of compromised user credentials to breach into a system.
What data has been compromised?
Gen Digital says that hackers compromised accounts as far back as December 1. “In accessing your account with your username and password, the unauthorised third party may have viewed your first name, last name, phone number, and mailing address,” as per the data breach notice sent to nearly 6,450 customers whose accounts were compromised.
Other cyberattacks on password managers
Last year, password manager LastPass announced that hackers were able to “copy a backup of customer vault data” and they could use ‘brute force’ to get access to personal information.
The threat actors were “able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data”, the company said in a statement.
Karim Toubba, the CEO of LastPass, had admitted that the company’s systems were compromised two times in 2022 – once in August and then in December.
While the executive said that data of its customers remains safe due to unavailability of the master key, multiple cybersecurity experts termed the company’s statement as “outright lies.”
Amazon Republic Day sale is here: 5G smartphones under Rs 30,000 to consider
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.