This forum thread needs a solution.
Kudos0

Norton login compromised

Posted: 12-Nov-2021 | 8:42PM · Edited: 01-Dec-2021 | 4:45AM · 8 Replies ·

FYI - I use 2 factor authentication with Norton - - and most apps requiring security and never "trust this device" I installed Norton Family on my 12 year old sons mobile phone. Accessing his phone only once. Closing all apps after use and ensuring passwords etc were/are never saved. My son has no access to my mobile, laptop or any account/password information My Norton password was 11 digit with upper lower numbers symbols as per usual protocols - with Authenticator 6 digit random code gen/60secs *** My Norton password was accessed using a brute force algorithm. The account was not suspended nor was i notified of the thousands of attempts to log into my account.  *** 2 factor authentication bypassed *** 2 notifications ONLY - Accessibility has been turned off ... followed by Norton Family parental control has been turned off - Both from my sons mobile device  How can my main account password for Norton be compromised using a brute force algorithm without raising any kind of alarm  I had/have the expectation that the likes of Norton would be sophisticated to a level beyond a 12 YEAR OLD CHILD I had/have the expectation that having set-up and used 2 factor authentication for everything else on the Norton platform that it would be required when disabling and removing your product???

Labels: Activity Monitoring, Application Blocking, Activation, Background Tasks, Blue Screen, Cannot Start/Open Norton, Connection Blocking, Intrusion Prevention, Location Awareness, Monthly Report, Norton Management, Norton Community Watch, Norton Support, Norton 360, Threat Detection, Tech Support Scams, Virus, Virus Scan

Replies

Kudos0

Re: Norton login compromised

Posted: 12-Nov-2021 | 8:47PM · Permalink

Also I was treated very rudely by a number of support staff, who not only treated me like a IT illiterate regarding my account intrusion but could not or would not assist me with a VPN issue (based on FAQ quite common). I was advised i would receive a call back -- which was the following day (today). i have not missed a call
Kudos0

Re: Norton login compromised

Posted: 12-Nov-2021 | 9:31PM · Permalink

I would have a talk with your son, since he would seem to be the beneficiary of this.  After several failed attempts to log into your Norton Account, it would automatically be locked.  So something doesn't add up.

https://support.norton.com/sp/en/us/home/current/solutions/v101015618

Kudos0

Re: Norton login compromised

Posted: 12-Nov-2021 | 11:46PM · Permalink

thanks for your help. indeed he is/was the beneficiary. i am happy that he did not take it any further as he would clearly have had full access to norton 

agree something does not add up. i have spoken at length with my son and my issue now is not him being smart enough to write a algorithm (using python apparently) but that code that took approx 1 week to write AGAIN BY A 12 YR OLD could render Norton useless???

according to the link above the password may be locked for up to 1 hr .... considering the time taken and ZERO notifications regarding failed attempts to log in ... someone please explain

Kudos1 Stats

Re: Norton login compromised

Posted: 13-Nov-2021 | 7:01AM · Permalink

By my estimates it would take many years to crack an 11 position password with letters, numbers, symbols and upper/lower cases with today's computing power. By many years I mean well past any human lifetime.

In the future computers using quantum computing will do it in much less time but as of now the feat is near impossible. What is more possible is that your son gained access to your private info and also to your second factor authentication by being physically located in the same house.

If what you say is true your son will be able to get a full time high level executive position right now at Norton, Kaspersky, Macafee, RSA or anywhere else he chooses.

Kudos1 Stats

Re: Norton login compromised

Posted: 13-Nov-2021 | 8:21AM · Permalink

The scope of what we will be able to achieve using Quantum computing is far FAR beyond password cypher. 

I beleive your estimate is inaccurate. Apparently it took 4 days running in the background of his mobile, hardly a quantum computer. 

I would be more than happy to set-up a meeting in regards to the "high level executive position" that is available to him right now. Will he have a choice from the companies you have listed??

Thanks for your help

Kudos1 Stats

Re: Norton login compromised

Posted: 13-Nov-2021 | 8:43AM · Permalink

In your talk with your son, did he confirm that he had accessed your Norton Account? Your having 2FA set up, would mean that he would have had to have had access to the device that gives you the 6 digit authentication code to actually get into your account. 

Kids have been working around parental software for ever. Maybe post in the Norton Family forum board to see if you can get any help there.  https://community.norton.com/en/forums/norton-family  It could be that no one ever accessed your Norton Account.

Another option if your son's device is an Android based device, is to install Norton App Lock on your son's mobile device.  Set it up to block access to Norton apps and Android System Settings so he cannot disable Accessibility service for any apps.

Kudos1 Stats

Re: Norton login compromised

Posted: 13-Nov-2021 | 1:27PM · Permalink

Like xjoex, I also believe your son actually accessed the credentials from one of your devices.  As mentioned, the brute force attack would have taken possibly years, especially if the account locked you out for an hour after only a few unsuccessful attempts every time.  Then there is 2FA, which while not fool-proof, would still need to be compromised to allow access.  And you did not receive any notifications, the most likely explanation being that the log-ins were done with the proper credentials.  I could be wrong of course, but from what you describe it seems to me more likely that one of your devices was hacked locally to steal the credentials, rather than the Norton account itself.

Kudos0

Re: Norton login compromised

Posted: 13-Nov-2021 | 1:52PM · Edited: 13-Nov-2021 | 1:58PM · Permalink

FWIW ~ when I've been locked out of my Norton account with the "wait for one hour" message. 
In my experience ... I've needed to wait a lot longer than "one hour".  
Support advised me to power cycle my router...to clear locked out.  

This thread is closed from further comment. Please visit the forum to start a new thread.