Norton victim of a large-scale hack

Many Norton accounts were hacked in December. The personal information of these people could be accessed by the hackers, who were also able to break into the brand’s password manager.

Norton LifeLock, which manages many Norton services including the famous antivirus, recently notified its customers of a major hack. This took place during the month of December and a lot of sensitive information could probably have been recovered by the attackers.

Passwords stolen thanks to passwords?

The true extent of this recent attack which targeted Norton is still unclear. The company has not yet communicated on the matter. What we do know is that the brand detected, on December 12, a significant spike in connection failures on Norton accounts. The hackers would have used a very simple technique called credential stuffing since December 1 to access many accounts.

password manager
According to Norton Lifelock, hackers may have been able to access Password Manager accounts, which contain passwords stored by users. ©Norton

This method consists of using lists of stolen identifiers acquired on hacker forums to enter sites. A system automatically enters a large amount of login information on a site until credentials work. If it works, it usually means that one saved password is used by one person on multiple sites. The hackers accessed user information such as first name, last name, email address or phone number. telephone.

Norton also does not rule out the possibility that attackers may have accessed details saved in its password managerespecially if your Password Manager key is the same or very similar to your Norton password “says the group.

Password management still in question

A very ironic attack according to cybersecurity consultant Roger Grimes that the site Dark Reading could interrogate. “If I understand the facts reported correctly, the irony is that the victims could have been protected if they had used their password manager to create strong and secure access for their Norton account. »

According to the expert, the attack was greatly facilitated by users who use so-called weak passwords for their Norton account. Passwords also used to access Password Manager.

It is one of the chestnut trees of cybersecurity. Each year, the various protection sites release the rankings most used passwords in the world. We notice that these are almost exclusively weak passwords and used for several sites rather than just one. It is thanks to this that hackers regularly manage to steal millions of information during large-scale attacks. Lately, the LastPass password manager has paid the price, being hacked several times during the year 2022.

One of the ways around this is to use two-factor authentication or start turning to Passkeyswhich are intended as replacements for passwords, much more secure.

Leave a Comment

Your email address will not be published. Required fields are marked *