Blog
223
Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

Gen Digital Warns of Attacks on Password Manager Users

Now Reading
Gen Digital Warns of Attacks on Password Manager Users

Contents
Attacks on Password Manager

Developers from Gen Digital (formerly Symantec Corporation and NortonLifeLock) sent notifications to customers about data leaks and attacks on Password Manager.

The company warned that hackers are successfully cracking Norton Password Manager accounts using credential stuffing attacks.

We also wrote about Student Found Bug in Cloudflare Email Routing Closed Beta, and also that Critical Bug in VMware Products Is Used to Install Miners and Ransomware.

Note also that the researchers report that only 26% of users agreed to change their password when they learned that it was compromised.

Let me remind you that the term credential stuffing usually refers to situations where usernames and passwords are stolen from some sites and then used on others. That is, attackers have a ready-made credential database (acquired on the dark web, collected on their own, and so on) and try to use this data to log in to other sites and services under the guise of their victims.

So, according to a sample letter submitted to the Vermont Attorney General’s Office, the attacks were not responsible for hacking the company itself, but to compromising accounts on other platforms.

Our own systems have not been compromised. However, we believe that an unauthorized third party knows and uses the username and password of your account. In addition, this combination of credentials could potentially be known to others.the developers write in the letter.

The company reportedly recorded an “unusually high volume” of failed login attempts as early as December 12, 2022, which indicated credential stuffing attacks, i.e. the attackers massively brute-forced user credentials.

By December 22, 2022, the company completed an internal investigation of this “anomaly”, which showed that credential spoofing attacks helped attackers t compromise an undisclosed number of user accounts.

When accessing your account using your username and password, an unauthorized third party could view your first name, last name, phone number, and mailing address.NortonLifeLock warned.

Worse, customers using Norton Password Manager could also experience compromised information contained in private vaults, which could lead to compromise of other online accounts, loss of digital assets, disclosure of secrets, and so on.

The company says it has reset passwords for affected accounts to prevent attackers from gaining access to them again, and has taken additional measures to counter hacker attacks. The developers say they have protected about 925,000 inactive and active accounts that could be targets for credential spoofing attacks.

Now the company recommends that customers enable two-factor authentication to protect their accounts, as well as use the services of a credit monitoring service.

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
Posted In
Blog
Tags
credential stuffing, data breaches, Gen Digital, Password Manager
, , ,
About The Author
Vladimir Krasnogolovy
Comments
Leave a response

Leave a Response