The computer security juggernaut Norton has been the victim of a cyberattack! The accounts of thousands of users and the expert’s password manager were compromised by simple credential stuffing. A peak!
Normally, using a password manager is a good way to protect personal accounts and information – and to remember them. Indeed, it allows to store all its essential passwords, payment information and login information in a highly encrypted database or vault. But because of the sensitive data they contain, managers are often targeted by hacking attempts and, when they succeed, their consequences are disastrous. We remember the successive intrusions at LastPass in 2022, which allowed hackers to steal personal user data, encrypted passwords and other data stored in customer safes. This time it’s Norton’s turn, the “world leader in consumer cybersecurity” as it presents itself on its site, to bear the brunt of an intrusion.
Norton hack: credential stuffing to access all passwords
In a message addressed to its 6,450 affected customers and reported by Techcrunch, Gen Digital, the name of the new company that now owns Norton LifeLock and its products, has revealed that it was the target of a “credential stuffing” attack. This technique consists of carrying out, using software or manually, massive authentication attempts on Web sites and services using username/password pairs, which have generally been stolen from other sites and web services and then resold on the Dark Web. Indeed, many – too many – users use the same password several times. Also, when it is compromised once, it is also compromised on the other sites and platforms where it is used. This is why Internet users generally use a password manager, which centralizes all their passwords – they can therefore be unique, complex and random since the user does not have to remember them. The tool is protected by a unique password – the only one it needs to remember – which has been compromised here, giving access to Norton accounts and password managers.
Indeed, Gen Digital explains that on December 12, 2022, its systems detected an abnormally high number of failed logins. Investigating, the company discovered that attempted break-ins had been taking place since 1er December. “By accessing your account with your username and password, the unauthorized third party may have seen your first name, last name, phone number and mailing address”, she wrote. But that’s not the worst, as the security firm reveals that “we cannot exclude that the unauthorized third party also obtained stored details [dans le gestionnaire de mots de passe Norton Password Manager]especially if your Password Manager key is the same or very similar to your Norton account password.“By ‘details’, understand passwords generated for all services the victim uses, including corporate logins, online banking, tax filing, messaging apps, commerce sites electronics, social networks, etc. In other words, it’s the jackpot for hackers!While password managers are still recommended by security experts, it is essential to lock it with a unique and complex password ( at least eight characters, including numbers, uppercase, lowercase, and special characters) and enable two-factor authentication.