Gen Digital Warns of Attacks on Password Manager Users
Developers from Gen Digital (formerly Symantec Corporation and NortonLifeLock) sent notifications to customers about data leaks and attacks on Password Manager.
The company warned that hackers are successfully cracking Norton Password Manager accounts using credential stuffing attacks.
Note also that the researchers report that only 26% of users agreed to change their password when they learned that it was compromised.
Let me remind you that the term credential stuffing usually refers to situations where usernames and passwords are stolen from some sites and then used on others. That is, attackers have a ready-made credential database (acquired on the dark web, collected on their own, and so on) and try to use this data to log in to other sites and services under the guise of their victims.
So, according to a sample letter submitted to the Vermont Attorney General’s Office, the attacks resulted not from a hack of the company itself, but from the compromise of accounts on other platforms.
The company reportedly recorded an “unusually high volume” of failed login attempts as early as December 12, 2022, which indicated credential stuffing attacks, i.e. the attackers were trying user credentials en masse.
By December 22, 2022, the company completed an internal investigation of this “anomaly”, which showed that credential stuffing attacks helped attackers to compromise an undisclosed number of user accounts.
Worse, for customers using Norton Password Manager, the information stored in private vaults could also have been compromised, which could lead to compromise of other online accounts, loss of digital assets, disclosure of secrets, and so on.
The company says it has reset passwords for affected accounts to prevent attackers from gaining access to them again, and has taken additional measures to counter hacker attacks. The developers say they have protected about 925,000 inactive and active accounts that could be targets for credential stuffing attacks.
Now the company recommends that customers enable two-factor authentication to protect their accounts, and also use a credit monitoring service.
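The signal described above, an unusually high volume of failed logins, can be separated from ordinary single-account brute forcing by looking at how many different accounts each source tries. The Python example below is an added illustration, not Gen Digital's code: the event format, the thresholds and the sample events are constructed assumptions. It also lists accounts that logged in successfully from a flagged source, which are the candidates for a password reset.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, login succeeded?).
# All IPs are from documentation-only ranges; the log format is an assumption.
def _ev(minute, ip, user, ok):
    return (datetime(2022, 12, 12, 9, minute), ip, user, ok)

SAMPLE_EVENTS = (
    # One source tries many different accounts once each: stuffing pattern.
    [_ev(i, "203.0.113.7", f"user{i}@example.com", i == 4) for i in range(8)]
    # One source hammers a single account: brute-force pattern.
    + [_ev(i, "198.51.100.9", "alice@example.com", False) for i in range(8)]
    # A legitimate user mistypes a password twice, then gets in.
    + [_ev(1, "192.0.2.44", "bob@example.com", False),
       _ev(2, "192.0.2.44", "bob@example.com", False),
       _ev(3, "192.0.2.44", "bob@example.com", True)]
)

def classify_sources(events, window=timedelta(minutes=10),
                     min_failures=5, distinct_ratio=0.8):
    """Return {ip: verdict, failure count, distinct users, accounts to reset}."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    report = {}
    for ip, rows in by_ip.items():
        fails = [(ts, user) for ts, user, ok in rows if not ok]
        best, start = [], 0
        # Sliding window: find the densest burst of failures from this source.
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = fails[start:end + 1]
        if len(best) < min_failures:
            continue  # typo-level noise, not an attack burst
        users = {u for _, u in best}
        verdict = ("credential_stuffing"
                   if len(users) / len(best) >= distinct_ratio else "brute_force")
        # Successful logins from a flagged source are the accounts to reset.
        hits = sorted({u for _, u, ok in rows if ok})
        report[ip] = {"verdict": verdict, "failures": len(best),
                      "distinct_users": len(users), "accounts_to_reset": hits}
    return report

if __name__ == "__main__":
    for ip, info in classify_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

Real attacks are usually spread over many source addresses, so the same counting is worth repeating per network range or per client fingerprint rather than per single IP.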