Gen Digital Warns of Norton Password Manager Account Breach

Gen Digital, formerly Symantec Corporation and NortonLifeLock, has sent data breach notifications to numerous customers informing them that threat actors have successfully breached Norton Password Manager accounts in credential stuffing attacks. More specifically, the company sent the following message to users:

“Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account. This username and password combination may potentially also be known to others.”

Credential stuffing attacks are relatively unsophisticated: they rely on breaching an individual user's account rather than breaching the organization itself. They automate the injection of credentials, typically purchased from past breaches, to compromise these user accounts.

The attacks were detected in early December, when an unusually large volume of failed logins targeting Norton Password Manager accounts was observed, a pattern indicative of credential stuffing. The number of successfully breached accounts remains unknown at this time. Once the investigation into the matter concluded on December 22, all affected accounts had their credentials reset.

Analyst Notes

Credential stuffing is a rather old method of breaching an account, but it is still relatively successful. These attacks rely on human error in the form of password reuse. From an organizational standpoint, this could lead to account compromise if an employee reuses, for their work account, a password from an external site that was breached. To detect credential stuffing attacks, organizations can monitor logon events for a spike in failed authentications against multiple accounts. Additionally, there are numerous policies that could be put in place, such as enforcing strong password policies. These can include character and symbol limits as well as password expiration. Further, it is also beneficial to educate users on this attack and the dangers of reusing passwords across multiple sites.
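The monitoring described above can be sketched as follows. This is an added example, not code from the original flash or from Gen Digital; the log format, thresholds, account names and IP addresses are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# All thresholds are assumptions for this example; tune them to your own baseline.
WINDOW = timedelta(minutes=5)   # bucket size
MIN_ACCOUNTS = 5                # distinct accounts failing in one bucket
SPIKE_FACTOR = 3                # multiple of the median failures per bucket

def parse(line):
    """Constructed log format: '<ISO time> <source IP> <user> <OK|FAIL>'."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def detect(lines):
    """Flag buckets where failed logins spike across many distinct accounts."""
    fails, oks = defaultdict(list), defaultdict(list)
    for ts, ip, user, result in map(parse, lines):
        start = datetime.min + (ts - datetime.min) // WINDOW * WINDOW
        (fails if result == "FAIL" else oks)[start].append((ip, user))
    if not fails:
        return []
    baseline = median(len(v) for v in fails.values())
    alerts = []
    for start, events in sorted(fails.items()):
        users = {u for _, u in events}
        if len(users) < MIN_ACCOUNTS or len(events) < SPIKE_FACTOR * baseline:
            continue  # many failures against one account is a different pattern
        sources = {ip for ip, _ in events}
        # Successful logins from the same sources in this bucket need review and a reset.
        review = sorted({u for ip, u in oks[start] if ip in sources})
        alerts.append({"window": start, "failures": len(events),
                       "accounts": len(users), "sources": len(sources), "review": review})
    return alerts

def sample_log():
    """Constructed events: user typos, a one-account burst, a multi-account burst."""
    lines = ["2024-01-15T09:01:10 198.51.100.7 alice FAIL",
             "2024-01-15T09:01:30 198.51.100.7 alice OK",
             "2024-01-15T09:06:02 198.51.100.9 carol FAIL",
             "2024-01-15T09:07:45 198.51.100.4 dave FAIL",
             "2024-01-15T09:12:20 198.51.100.7 erin FAIL"]
    lines += [f"2024-01-15T09:20:{s:02d} 203.0.113.5 bob FAIL" for s in range(10)]
    lines += [f"2024-01-15T09:31:{i:02d} 203.0.113.{20 + i % 3} user{i:02d} FAIL"
              for i in range(12)]
    lines.append("2024-01-15T09:31:40 203.0.113.21 user07 OK")
    return lines

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The ten failures against the single account `bob` exceed the volume threshold but are not flagged, because the signal being looked for is breadth across accounts rather than raw failure count.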