Some Norton Password Manager Accounts Likely Breached

A malicious actor may have had usernames and passwords for some Norton and Norton Password Manager accounts as far back as Dec. 1.


Some NortonLifeLock customers have been notified that the credentials associated with their Norton and Norton Password Manager accounts have likely been used by malicious actors to access the services.

Details on the incident appear in a sample data breach notice from NortonLifeLock to affected customers, which was posted on the website of the Vermont attorney general’s office.

In the letter to customers, NortonLifeLock said that its breach detection systems “alerted us that an unauthorized third party likely has knowledge of the email and password you have been using with your Norton account ( and your Norton Password Manager.”

“Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account,” the notice said. “This username and password combination may potentially also be known to others.”

Additionally, for customers that use the Norton Password Manager service, “we cannot rule out that the unauthorized third party also obtained details stored there especially if your Password Manager key is identical or very similar to your Norton account password.”

The notice indicates that NortonLifeLock’s systems detected a spike in failed account logins on Dec. 12. After a 10-day investigation, the company determined that the Norton account credentials may have been obtained by a malicious actor as far back as Dec. 1. The usernames and passwords were obtained from a source such as the dark web, according to the notice.

“We have been monitoring closely, flagging accounts with suspicious login attempts and proactively requiring those customers to reset their passwords upon login along with additional security measures to protect our valued customers,” Gen Digital Inc., which counts Norton among its product lines, said in a statement provided to CRN. “We continue to work closely with our customers to help them secure their accounts and personal information.”

In the breach notice to customers, NortonLifeLock added that by “accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address.”

The incident is another reminder that multi-factor authentication “is no longer optional in our personal accounts and our business accounts,” said Robby Hill, CEO of Florence, S.C.-based HillSouth, in an email to CRN.

MFA “stops cyber criminals in their tracks and we need to continue to embrace its rapid adoption,” Hill said.

The danger, he said, is that many people have started to become “numb” to the continued issue of personal information being bought and sold on the dark web.