Cybersecurity services provider NortonLifeLock has warned its customers of a potential data breach that has compromised the password managers of about 6,450 customers.
This is yet another blow to the password manager eco-system where the popular password manager Lastpass was just recently compromised in late December.
In a notice to customers retrieved by Tech Crunch, Gen Digital, the parent company of NortonLifeLock said that the attack was performed using a credential stuffing technique where threat actors try out credentials in bulk.
The notice goes on to say that a hacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts as early as December.
Alarmingly, this has the potential to compromise customers' other online accounts, loss of digital assets and sensitive information.
Servers not compromised
According to a letter sample shared with the Office of the Vermont Attorney General, Norton said: "Our own systems were not compromised.
“However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account.
"This username and password combination may potentially also be known to others."
Who is impacted?
NortonLifeLock says that the risk is significantly large for customers who use similar Norton account passwords and password manager master keys, thereby permitting the hackers to sidestep across different domains.
The notice warns that the attackers might have obtained details stored in their private vaults.
The company claims it has reset Norton passwords on compromised accounts to prevent attackers from gaining access to them again in the future and also implemented additional measures to counter the malicious attempts.
Furthermore, NortonLifeLock also advises customers to enable two-factor authentication to protect their accounts and take up the offer for a credit monitoring service.