Norton LifeLock, a company providing cybersecurity software and services, revealed in a data breach notice that thousands of its customers had their accounts compromised in recent weeks. The Norton LifeLock data breach notice reads, “In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address.”
Norton LifeLock Data Breach: The Credential Stuffing Attack
Gen Digital, the parent company of Norton LifeLock, told customers that it was likely a credential-stuffing attack where the previously exposed credentials were used to break into other services that share the same passwords. According to the company, its systems detected a large volume of failed logins to customer accounts on 12th December, likely two weeks after the Norton LifeLock data breach took place.
Last year, a similar hack was confirmed by password manager giant LastPass in which intruders compromised its cloud storage and stole millions of customers’ encrypted password vaults. The LastPass CEO Karim Toubba said the intruders took a copy of a backup of customer vault data by using cloud storage keys stolen from a LastPass employee.
Two-factor Authentication to Nullify Cyber Attacks
Norton LifeLock recommends two-factor authentication to block attackers from accessing someone’s account with just their password. According to its support page, “Two-factor authentication is a security feature that adds an extra layer of security for your account. If you enable this feature, you need to enter your account password and a special verification code sent to your phone via text, voice, or mobile app. This code is specific to your account and changes every time you sign in.”