Product reviews, deals and the latest tech news

According to Norton LifeLock, a breach affected thousands of customer accounts

In a recent data breach warning, Norton LifeLock stated that thousands of user accounts had been hijacked, possibly giving criminal hackers access to client password managers.

In an announcement to customers, Gen Digital, Norton LifeLock’s parent company, blamed a credential stuffing attack rather than a compromise of its systems as the likely cause of the incident. This type of attack involves the reuse of compromised credentials to gain access to accounts across multiple sites and services that use the same passwords. This is why Norton LifeLock’s two-factor authentication is so useful; it prevents hackers from gaining access to a user’s account if they just have their password.

According to the firm, the attackers began breaking into accounts as early as December 1, almost two weeks before the company’s systems discovered a “high number” of unsuccessful logins to client accounts on December 12.

An unauthorised third party “may have seen your first name, last name, phone number, and postal address while accessing your account using your login and password,” the data breach notification said. Since the firm cannot rule out the possibility that the attackers also obtained customers’ stored passwords, it has sent out a notification to clients who it suspects use its password manager tool.

About 6,450 consumers have their accounts with Gen Digital stated the company.

In order to safeguard your personal information and digital privacy, Norton LifeLock offers its services. It’s the most recent case of consumer password theft. Intruders broke into LastPass’s cloud storage and stole the encrypted password vaults of tens of millions of users earlier this year, the company acknowledged. In 2021, hackers broke into the servers of the firm behind Passwordstate, a major business password management, and sent a malicious update to its clients.

However, security experts still advise using a password manager to generate and store unique passwords, provided that further measures are taken to minimise the damage in the case of a breach.