Norton LifeLock customers have been informed that their Norton Password Manager accounts were compromised in credential stuffing attacks
against other platforms, reports BleepingComputer
Attackers were able to leverage username and password pairs from the dark web to access Norton customer accounts around Dec. 1, with failed login attempts spiking on Dec. 12, suggesting the attacks, said Norton LifeLock in a notice.
Investigation into the incident concluded by Dec. 22, with Norton LifeLock stating that customers' first and last names, phone numbers, and mailing addresses may have been impacted by the intrusion. Threat actors may have also had access to Norton Password Manager users' private vault data.
While the number of customers affected by the incident has not yet been disclosed, Gen Digital, the parent company of Norton LifeLock, said that 925,000 accounts that may have been subjected to credential stuffing attacks have already been secured.
"Systems have not been compromised, and they are safe and operational, but as is all too commonplace in todays world for bad actors to take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts," said a Gen Digital spokesperson.