Kudos5 Stats

NortonLifeLock warns that hackers breached Password Manager accounts

Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.

https://www.bleepingcomputer.com/news/security/nortonlifelock-warns-that-hackers-breached-password-manager-accounts/ 

Windows 10 x64 22H2 | Kubuntu 23.04 | Mint Cinnamon 21.1

Replies

Kudos0

Re: NortonLifeLock warns that hackers breached Password Manager accounts

Is it correct to presume that if you do not use Norton Password Manager but do use Norton 360 that you are not under this specific risk?

Kudos0

Re: NortonLifeLock warns that hackers breached Password Manager accounts

That's what worries me - I have set up Dual Authentication but to be honest - with this News, how Safe is that?

Kudos2 Stats

Re: NortonLifeLock warns that hackers breached Password Manager accounts

So. If I am reading things correctly, Norton is notifying ONLY customers they KNOW have had their accounts compromised? To date I haven't seen any messages from Norton indicating my Norton account nor PWM logins were compromised. I'd be surprised if one doesn't appear although I am a very strict web user. I also have 2FA enabled, with two separate ways of getting codes, OTHER THAN an e-mail account. Nevertheless, it's going to be prudent to watch all my financials extremely close. Any 2FA requests that aren't actively and knowingly by me will certainly raise alarms.

At the present moment we all need SERIOUS CLARITY and ASAP!! Not weeks or months down the road. HOW, access to PWM accounts was SPECIFICALLY accomplished and by whom would be of great interest. Was this an inside issue where a begrudged current or former employee exposed something specific? Not meaning to go down a rabbit hole with things but Corporate breaches have become a dime a dozen over the past few years. And of course we the consumer, ALWAYS get it in the shorts. Losses are all ours and without much recourse for recovery nor compensation. Immediate clarity is a MUST. Specifically....what other platforms?

According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms.

Credential stuffing comes as the result of a data breach. Are "other platforms" being purported as information used from data breaches of other companies?

And..how did an "undisclosed" number of accounts become so easily compromised? For this information to be for sale on the dark web the info dump was most assuredly a huge one. "The company has yet to disclose the exact number of people impacted by this incident." It sounds like there is more going on than what is being released. Again....CLARITY!! FULL TRANSPARENCY is a must.

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts.

SA

MS Certified Professional Windows 11 Home 22H2 x 64 build 22621.1702 - Windows 10 Pro x 64 version 22H2 / build 19045.3031 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.4.6 / Opera GX LVL4 (core: 98.0.4759.74) 64 bit-Early Access w/Norton Chrome Extensions
Kudos0

Re: NortonLifeLock warns that hackers breached Password Manager accounts

Weren't our Vaults supposed to be encrypted anyway?

Windows 10 x64 22H2 | Kubuntu 23.04 | Mint Cinnamon 21.1
Kudos1 Stats

Re: NortonLifeLock warns that hackers breached Password Manager accounts

IF, the vault login password has been compromised the vault contents could then be viewed and copied. I have always logged into my vault BEFORE opening any active websites, and immediately close my browser when banking and making a purchase to clear the browser caches. Opera has settings that will wipe itself and I use it religiously.

Within our Norton account settings there is an area where it shows the number of "trusted devices" that do not require a 2FA code. The device names are NOT provided. I've always kept that empty for this very reason. I want a 2FA with every attempted login whether I am aware of it or another entity makes the attempt. I will change my Norton account login password to be on the safe side of things going forward.

SA

MS Certified Professional Windows 11 Home 22H2 x 64 build 22621.1702 - Windows 10 Pro x 64 version 22H2 / build 19045.3031 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.4.6 / Opera GX LVL4 (core: 98.0.4759.74) 64 bit-Early Access w/Norton Chrome Extensions
Kudos0

Re: NortonLifeLock warns that hackers breached Password Manager accounts

Some other things to consider going forward are below.  

https://cybernews.com/best-password-managers/are-password-managers-safe/

What if your password manager gets hacked?

In most cases, getting hacked won't result in all your passwords falling into the wrong hands. However, even the most secure password manager may have a serious vulnerability that everyone overlooked.

Let's start with the fact that your passwords are encrypted locally. Password managers have no way to decipher your data because they implement a zero-knowledge policy. So if a hacker breaks into your vault, he will see only encrypted information.

Immediately change your Norton account login password and set more than one 2FA method. Also, immediately change your Vault password; you can do so by opening your vault then going into settings. I did this last evening VIA opening the vault web app, it DOES NOT delete the contents of your vault.

SA

MS Certified Professional Windows 11 Home 22H2 x 64 build 22621.1702 - Windows 10 Pro x 64 version 22H2 / build 19045.3031 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.4.6 / Opera GX LVL4 (core: 98.0.4759.74) 64 bit-Early Access w/Norton Chrome Extensions
Kudos2 Stats

Re: NortonLifeLock warns that hackers breached Password Manager accounts

Krusty13:
 

https://www.bleepingcomputer.com/news/security/nortonlifelock-warns-that-hackers-breached-password-manager-accounts/

According to that BleepingComputer article the notice sent out by NortonLifeLock said in part that "In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address".  That suggests that Norton users who are not using the Norton Password Manager might also have had personal information stolen from their Norton Accounts.

A few years ago NortonLifeLock changed their renewal procedure so that users who purchased their Norton product from an authorized retail reseller like Best Buy were required to enter their billing address and credit card details in their Norton Account before they could use their (already paid for) 25-digit product key, which allowed NortonLifeLock to activate automatic annual renewal in their account (see the support article Download your Norton Product Purchased from a Retail Store).  I understand that users are allowed to log back into their account and remove their billing information and disable automatic renewal once their product key is activated, but that "workaround" isn't widely shared by NortonLifeLock.  Perhaps this latest security breach will encourage NortonLifeLock to abandon this unpopular and unethical business practice once and for all.

Kudos0

Re: NortonLifeLock warns that hackers breached Password Manager accounts

Guessing that, the issue lmacri posted is represented by this statement? The accountability lies where? Just a thought.

According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms.

SA

MS Certified Professional Windows 11 Home 22H2 x 64 build 22621.1702 - Windows 10 Pro x 64 version 22H2 / build 19045.3031 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.4.6 / Opera GX LVL4 (core: 98.0.4759.74) 64 bit-Early Access w/Norton Chrome Extensions
Kudos0

Re: NortonLifeLock warns that hackers breached Password Manager accounts

The breach happened a long time ago, that’s why 360 doesn’t exist. I’m a Legacy holder of 360, and I knew that the password vault was compromised when Norton themselves was compromised. I’ve got emails from spoofers and legitimate ones. They have a big issue on their hands, and they better hush me up real quick.
Kudos5 Stats

Re: NortonLifeLock warns that hackers breached Password Manager accounts

As long as you didn't use your Norton account password as a password for other websites, you should be unaffected by this.  The hackers acquired log-in credentials for sites other than Norton and simply plugged them into the Norton account log-in hoping to find accounts where customers had used the same password on both sites.  This is why they tell you to always use different passwords for different sites.  Why someone would use the same password for their Norton account (and worse, possibly their Password Manager) at other websites is beyond me.  But you can bet there are some people who did, and they are the ones who need to be concerned about this.  I think those of us using separate dedicated Norton Account and Password Manager credentials along with two factor authentication can breathe easy.

Kudos0

Re: NortonLifeLock warns that hackers breached Password Manager accounts

Thanks for this excellent and informative Post SendOfJive - this is very reassuring. I just wish that Norton would have published such an advisory to ALL users in a timely manner when the breach occurred or as soon as it was known about.

Kudos1 Stats

Re: NortonLifeLock warns that hackers breached Password Manager accounts

I agree that Norton could have done a much better job of explaining the situation and putting people's minds at ease.  Norton wasn't hacked.  It was attacked, and people who use the same username and password on Norton and multiple other sites are the ones who were at risk of having their Norton Account hacked.  Here is a really good, concise explanation of what a credential stuffing attack is, from CloudFlare:

What is Credential Stuffing?

Credential stuffing is a cyber attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service.

For example, an attacker may take a list of usernames and passwords obtained from a breach of a major department store, and use the same login credentials to try and log in to the site of a national bank. The attacker is hoping that some fraction of those department store customers also have an account at that bank, and that they reused the same usernames and passwords for both services.

Credential stuffing is widespread thanks to massive lists of breached credentials being traded and sold on the black market. The proliferation of these lists, combined with advancements in credential stuffing tools that use bots to get around traditional login protections, have made credential stuffing a popular attack vector.

https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/

Kudos1 Stats

Re: NortonLifeLock warns that hackers breached Password Manager accounts

MS Certified Professional Windows 11 Home 22H2 x 64 build 22621.1702 - Windows 10 Pro x 64 version 22H2 / build 19045.3031 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.4.6 / Opera GX LVL4 (core: 98.0.4759.74) 64 bit-Early Access w/Norton Chrome Extensions
Kudos2 Stats

Re: NortonLifeLock warns that hackers breached Password Manager accounts

I do wish the press and everyone else would stop referring to it as "the breach."  Gen Digital and Norton Password Manager were not breached.  6,450 customers (a very, very small percentage) had their Norton accounts accessed because they had used the same log in credentials for Norton, and possibly the password manager, as they used for other sites, at least one of which was actually breached.  Gen Digital detected the anomalous surge in failed log ins and acted to protect users' accounts.  It's fine if one wants to argue about the quickness of the response, or whatever, but the security lapse here rests solely with users who did not follow recommended best practices, not Norton.
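
The post above mentions detection of an anomalous surge in failed log-ins. As an added example (not part of the thread, and not Gen Digital's actual detection logic), this Python code shows how a service can tell a credential-stuffing source from a user mistyping a password: one source, many distinct usernames, mostly failures. The log format, thresholds and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> login_ok|login_failed user=<name> src=<ip>"
LINE = re.compile(r"^(\S+) login_(ok|failed) user=(\S+) src=(\S+)$")

def parse(lines):
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # ignore anything that is not a login event
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2) == "ok", m.group(3), m.group(4)

def stuffing_sources(lines, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Map each suspicious source to the accounts it logged in to successfully.
    Suspicious = many distinct usernames, mostly failing, within one window."""
    by_src = defaultdict(list)
    for ev in parse(lines):
        by_src[ev[3]].append(ev)
    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            win = events[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(1 for e in win if not e[1])
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                # Reused passwords that worked: these accounts need a forced reset.
                flagged[src] = sorted({e[2] for e in events if e[1]})
                break
    return flagged

# Constructed sample log (documentation IP ranges, made-up accounts).
SAMPLE_LOG = [f"2022-12-01T10:00:0{i}Z login_failed user={u}@example.com src=203.0.113.7"
              for i, u in enumerate(["al", "bo", "cy", "di", "ed"])]
SAMPLE_LOG += [
    "2022-12-01T10:00:06Z login_ok user=dana@example.com src=203.0.113.7",
    # One person mistyping their own password: many failures, one username.
    *["2022-12-01T10:01:00Z login_failed user=fay@example.com src=198.51.100.20"] * 6,
    "2022-12-01T10:02:00Z login_ok user=gus@example.com src=192.0.2.50",
]

if __name__ == "__main__":
    print(stuffing_sources(SAMPLE_LOG))
```

The returned account list is the useful part for response: those are the logins where a reused password worked, so they are the ones to lock and notify.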