Millions of NortonLifeLock accounts have been breached by hackers, but parent company Gen Digital is claiming its not at fault.
The company has been sending data breach notifications to customers, informing them that hackers had mounted successful “credential-stuffing attacks.”
A credential-stuffing attack is where the hacker gathers information from other compromised accounts, in order to gain access to its target, using the same info.
Norton said it detected “an unusually high volume” of failed login attempts on December 12, a sure sign of such an attack.
Over a two-week period, at least 925,000 accounts were successfully comprised, with the actual figure likely to stretch into the millions.
Gen Digital confirmed that around December 1, 2022, a hacker used “username and password pairs they bought from the dark web” to attempt to log in to Norton accounts.
“Our own systems were not compromised,” reads the letter from Gen Digital to impacted account holders.
“However, we strongly believe that an unauthorised third party knows and has utilised your username and password for your account.
“This username and password combination may potentially also be known to others.”
Gen Digital confirmed it has secured “925,000 inactive and active accounts that may have been targeted by credential-stuffing attacks”. These are just the ones they are aware of.
“Our top priority is to help our customers secure their digital lives,” Gen Digital said in a statement.
“Our security team identified a high number of Norton account login attempts indicating credential-stuffing attacks targeting our customers, and we quickly took a variety of actions to help secure our customer’s accounts and their personal information.
“Systems have not been compromised, and they are safe and operational, but as is all too commonplace in today’s world for bad actors to take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts.
“We have been monitoring closely, flagging accounts with suspicious login attempts and proactively requiring those customers to reset their passwords upon login along with additional security measures to protect our customers.
“We continue to work with our customers to help them secure their accounts and personal information.”
