Cyber-security services provider Norton LifeLock has been hit by a data breach where more than 6 000 of its customers had their accounts compromised.
The data breach may have allowed hackers to access their password managers, reports TechCrunch.
In a notice to customers, Gen Digital, which is the parent company of Norton LifeLock, said the data breach happened likely due to a credential stuffing attack.
Credential stuffing is a cyberattack method in which attackers use lists of compromised user credentials to breach into a system.
Hackers compromised accounts as far back as December 1, according to the company.
“In accessing your account with your username and password, the unauthorised third party may have viewed your first name, last name, phone number, and mailing address,” read the data breach notice.
Gen Digital sent data breach notices to nearly 6 450 customers whose accounts were compromised.
It’s one of the latest incidents of a hacking attempt on customer passwords.
Encrypted password manager LastPass last month admitted that hackers were able to “copy a backup of customer vault data” in a recent data breach.
LastPass is a freemium password manager that stores encrypted passwords online.
In a statement, the company said that the threat actor “was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data”.
It means that the threat actor may attempt to use brute force to “guess your master password and decrypt the copies of vault data they took”.
Karim Toubba, the CEO of LastPass, had admitted that the company’s systems were compromised two times in 2022.