Gen Digital, formerly Symantec Corporation and NortonLifeLock, has sent data breach notifications to numerous customers informing them that threat actors have successfully breached Norton Password Manager accounts in credential stuffing attacks. More specifically, the company sent the following message to users:
“Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account. This username and password combination may potentially also be known to others.”
Credential stuffing attacks are relatively unsophisticated: they rely on breaching a specific user's account rather than breaching the organization itself. These attacks use the automated injection of credentials, typically purchased from past breaches, to compromise these user accounts.
The attacks were detected in early December, when an unusually large volume of failed logins targeting Norton Password Manager accounts was observed, which is indicative of a credential stuffing attack. The number of successfully breached accounts remains unknown at this time. Once the investigation into the matter concluded on December 22, all affected accounts had their credentials reset.
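The failed-login spike described above is a signal a defender can compute from authentication logs. The sketch below is an added example, not Gen Digital's detection logic, and it goes beyond the article by also listing accounts to review for a credential reset; the event tuple format, the thresholds, and the rule for picking those accounts are assumptions, and the log data is constructed.

```python
from collections import defaultdict
from statistics import median

WINDOW_S = 300  # bucket width in seconds (assumed)

def find_stuffing_windows(events, k=5.0, min_failures=20, min_users=5):
    """events: (epoch_s, username, source_ip, success) tuples (assumed format).
    Returns {window_start: accounts to review} for failed-login spike windows."""
    fails, oks = defaultdict(list), defaultdict(list)
    for ts, user, ip, success in events:
        window = ts - ts % WINDOW_S
        (oks if success else fails)[window].append((user, ip))
    windows = sorted(set(fails) | set(oks))
    if not windows:
        return {}
    counts = [len(fails[w]) for w in windows]
    base = median(counts)
    # Median absolute deviation: a spread estimate robust to the spike itself.
    mad = median([abs(c - base) for c in counts]) or 1.0
    flagged = {}
    for w, count in zip(windows, counts):
        if count < min_failures or count <= base + k * mad:
            continue
        # Sources that failed against many different usernames in this window.
        users_by_ip = defaultdict(set)
        for user, ip in fails[w]:
            users_by_ip[ip].add(user)
        noisy = {ip for ip, users in users_by_ip.items() if len(users) >= min_users}
        # A success from such a source is a likely credential hit.
        flagged[w] = sorted({user for user, ip in oks[w] if ip in noisy})
    return flagged

def sample_events():
    """Constructed log data: 12 quiet windows, then one stuffing burst."""
    events = []
    for i in range(12):
        t = i * WINDOW_S
        for j in range(2 + i % 3):  # a few mistyped passwords
            events.append((t + j, f"user{j}", f"198.51.100.{j + 1}", False))
        events.append((t + 10, "alice", "198.51.100.50", True))
    t = 12 * WINDOW_S
    for n in range(60):  # 60 different usernames from two sources
        events.append((t + n, f"leaked{n}", f"203.0.113.{1 + n % 2}", False))
    events.append((t + 61, "leaked_hit1", "203.0.113.1", True))
    events.append((t + 62, "leaked_hit2", "203.0.113.2", True))
    events.append((t + 63, "alice", "198.51.100.50", True))  # legitimate login
    return events

if __name__ == "__main__":
    print(find_stuffing_windows(sample_events()))
```

Only the burst window is flagged, and the legitimate login from an unrelated source in that window is not listed for review.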