Please Sign In with Norton Account to Ask a Question or comment in the Community
al corriente: 13-Ene-2023 | 1:36PM · Edited: 13-Ene-2023 | 1:38PM · 4 Respuestas · Enlace permanente · Translation:
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.
We expect responsible comments and recommendations from Norton executives.
al corriente: 13-Ene-2023 | 6:49PM · Edited: 13-Ene-2023 | 6:53PM · Enlace permanente
From what I can gather from the article no Norton applications were breached.
The breach occurred on other platforms that some users were using to store their Norton account id and password. That data was sold on the dark web and some bad actors logged into some Norton accounts. Those accounts apparently were not using 2FA.
Anyone who uses the same Norton password and vault ID password would now be susceptible to a hack into their Norton Password Manager data which of course might store some valuable IDs and passwords for many websites.
This shows the importance of 2FA and also of using long strong individual passwords for each application or login.
The number of users is unknown but Norton has already contacted those users and also reset their passwords automatically. I believe Norton has done due diligence here.
al corriente: 15-Ene-2023 | 2:57AM · Enlace permanente
Thank you for your input. I am annoyed that Norton has not alerted all service users and explained this situation clearly, to pacify anxiety.
I saw this on a notification from a newsfeed. Having experienced problems with access to Norton Life Lock in the past month I was immediately thinking maybe this is the reason.
Your explanation suggests my issues lie elsewhere, as I use separate strong passwords for my account and vault.
al corriente: 16-Ene-2023 | 9:19PM · Edited: 16-Ene-2023 | 10:13PM · Enlace permanente
I always considered Norton Password Manager to be safer than many precisely because it requires two log-ins, one to your Norton account and one to your vault. Assuming you use different strong passwords for each, you essentially have the sign-in to your vault completely hidden behind the sign-in to your account. Add in two factor authentication, and that is a really secure set-up. While all the facts of the breach have not come out, I would bet that a majority of the compromised accounts used a single password for both the account and the vault and did not have 2FA enabled.
They always tell you never to use the same password for multiple accounts and this attack demonstrates why. The hackers were using stolen credentials from other sites and plugging them into the Norton account log-in, hoping to find ones that matched and allowed access. I would really hope that most people would not use the same credentials for their Norton account, Password Manager, and other unrelated accounts. But I'm sure some did.
al corriente: 17-Ene-2023 | 10:19PM · Enlace permanente
This thread is closed from further comment. Please visit the forum to start a new thread.