Play all audios:
Millions of NortonLifeLock accounts have been breached by hackers, but parent company Gen Digital is claiming its not at fault. The company has been sending data breach notifications to
customers, informing them that hackers had mounted successful “credential-stuffing attacks.” A credential-stuffing attack is where the hacker gathers information from other compromised
accounts, in order to gain access to its target, using the same info. Norton said it detected “an unusually high volume” of failed login attempts on December 12, a sure sign of such an
attack. Over a two-week period, at least 925,000 accounts were successfully comprised, with the actual figure likely to stretch into the millions. Gen Digital confirmed that around December
1, 2022, a hacker used “username and password pairs they bought from the dark web” to attempt to log in to Norton accounts. “Our own systems were not compromised,” reads the letter from Gen
Digital to impacted account holders. “However, we strongly believe that an unauthorised third party knows and has utilised your username and password for your account. “This username and
password combination may potentially also be known to others.” Gen Digital confirmed it has secured “925,000 inactive and active accounts that may have been targeted by credential-stuffing
attacks”. These are just the ones they are aware of. “Our top priority is to help our customers secure their digital lives,” Gen Digital said in a statement. “Our security team identified a
high number of Norton account login attempts indicating credential-stuffing attacks targeting our customers, and we quickly took a variety of actions to help secure our customer’s accounts
and their personal information. “Systems have not been compromised, and they are safe and operational, but as is all too commonplace in today’s world for bad actors to take credentials found
elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts. “We have been monitoring closely, flagging accounts with suspicious login attempts and
proactively requiring those customers to reset their passwords upon login along with additional security measures to protect our customers. “We continue to work with our customers to help
them secure their accounts and personal information.”