Norton LifeLock customers have been informed that their Norton Password Manager accounts were compromised in credential stuffing attacks against other platforms, reports BleepingComputer.
Attackers were able to leverage username and password pairs from the dark web to access Norton customer accounts around Dec. 1, with failed login attempts spiking on Dec. 12, suggesting the attacks, said Norton LifeLock in a notice.
Investigation into the incident concluded by Dec. 22, with Norton LifeLock stating that customers' first and last names, phone numbers, and mailing addresses may have been impacted by the intrusion. Threat actors may have also had access to Norton Password Manager users' private vault data.
While the number of customers affected by the incident has not yet been disclosed, Gen Digital, the parent company of Norton LifeLock, said that 925,000 accounts that may have been subjected to credential stuffing attacks have already been secured.
"Systems have not been compromised, and they are safe and operational, but as is all too commonplace in todays world for bad actors to take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts," said a Gen Digital spokesperson.
CNN reports that Avast has been imposed a $16.5 million fine by the Federal Trade Commission for misleading customers with claims of protecting their browsing data but proceeding to gather and sell such data without prior consent.