Living The Bad Life
Continuing the trend of password managers being compromised, if you are a NortonLifeLock user you have already received, or are about to receive, notification that they have been breached badly. Norton has informed their users that someone has managed to breach their systems and harvested both usernames and passwords. Unfortunately the breach happened in early December, and we are just finding out about it now.
While Norton did reset the passwords of all effected accounts, the attackers likely harvested customers first name, last name, phone number, and mailing address. It is also not unthinkable that those who use Norton may use similar passwords on other accounts, which will be vulnerable until those passwords are updated.
Bleeping Computer reached out to Norton in the hopes of finding out the total number of breached accounts but have yet to hear back. It is also unclear as to how the attackers were able to garner the actual passwords and not just the hashes. That, if nothing else, should make you think again about using Norton products.