Norton LifeLock – the company that promises to keep you cybersafe – discovered an unauthorized third party trying to log into a large swath of customer accounts.
The company is urging customers to change their passwords or risk being compromised.
Norton’s legally required data breach notification was posted on the Office of the Vermont Attorney General’s webpage Friday afternoon.
The security software company first became aware of the incident on December 12, when intrusion detection systems alerted security teams of the unusual activity within the system.
This led them to realize that the customer accounts had been potentially compromised.
Norton traced the incident back to December 1.
By December 22, the investigation concluded the third party most likely obtained the large collection of usernames and passwords from another source, such as the dark web.
“In assessing your account with your username and password, the unauthorized user third party may have viewed your first name, last name, phone number and mailing address.”
It’s the second high-profile password manager to be hacked in the past year, leaving many consumers wondering if the applications can really be trusted.
Popular password manager LastPass was hacked in 2022 causing their reputation to plummet among users.
Because the LifeLock plan comes with Norton’s Password Manager Feature, the company warned customers the third-party user most likely had also stolen the usernames and passwords stored in their password vault.
Individual email addresses, often recycled for account usernames, would also be considered exposed, said Norton.
Once the company became aware of the mass login attempts, they “quickly reset all user passwords.”
Norton said its systems were never compromised during the attack.
Customers were urged to change all account passwords stored inside the password manager and to incorporate multi-factor authentication on their Norton accounts.
Vermont’s Data Breach Protection Law allows private companies up to 45 days to notify consumers if their personally identifiable information (PII) or login credentials have been potentially compromised in the event of a data breach.
The security firm is offering free credit monitoring to all its customers. Law enforcement is also involved in the investigation, said Norton.