Thousands of people who use Norton password manager began receiving emailed notices this month alerting them that an unauthorized party may have gained access to their personal information along with the passwords they have stored in their vaults.
Gen Digital, Norton’s parent company, said the security incident was the result of a credential-stuffing attack rather than an actual breach of the company’s internal systems. Gen’s portfolio of cybersecurity services has a combined user base of 500 million users — of which about 925,000 active and inactive users, including approximately 8,000 password manager users may have been targeted in the attack, a Gen spokesperson told CNET via email.
Norton’s intrusion detection systems detected an unusual number of failed login attempts on Dec. 12, the company said in its notice. On further investigation, around Dec. 22, Norton was able to determine that the attack began around Dec. 1.
“Norton promptly notified both regulators and customers as soon as the team was able to confirm that data was accessed in the attack,” Gen’s spokesperson said.
Personal data that may have been compromised includes Norton users’ full names, phone numbers and mailing addresses. Norton also said it “cannot rule out” that password manager vault data including users’ usernames and passwords were compromised in the attack.
“Systems have not been compromised, and they are safe and operational, but as is all too commonplace in today’s world, bad actors may take credentials found elsewhere, like the Dark Web, and create automated attacks to gain access to other unrelated accounts,”
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft