925,000 Norton LifeLock Accounts Targeted by Credential-Stuffing Attack

'Thousands of people who use Norton password manager began receiving emailed notices this month alerting them that an unauthorized party may have gained access to their personal information,' reports CNET, 'along with the passwords they have stored in their vaults.

'Gen Digital, Norton's parent company, said the security incident was the result of a credential-stuffing attack rather than an actual breach of the company's internal systems.'

Gen's portfolio of cybersecurity services has a combined user base of 500 million users — of which about 925,000 active and inactive users, including approximately 8,000 password manager users, may have been targeted in the attack, a Gen spokesperson told CNET via email....

Norton's intrusion detection systems detected an unusual number of failed login attempts on Dec. 12, the company said in its notice. On further investigation, around Dec. 22, Norton was able to determine that the attack began around Dec. 1. 'Norton promptly notified both regulators and customers as soon as the team was able to confirm that data was accessed in the attack,' Gen's spokesperson said.
Personal data that may have been compromised includes Norton users' full names, phone numbers and mailing addresses. Norton also said it 'cannot rule out' that password manager vault data including users' usernames and passwords were compromised in the attack....

Norton is also offering access to credit monitoring services for affected users, according to its letter to customers.

Read more of this story at Slashdot.