Norton Password Manager Breached Using Credential-Stuffing Attacks, Report Said

Norton Password Manager

Using strong passwords is the key for a safe online data keeping and presence. The thing is, not everyone understands that, and many people simply don't listen.

Gen Digital, or formerly known as Symantec Corporation and NortonLifeLock, has been sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts using credential-stuffing attacks.

The attacks didn't happen because of a breach at the company's system, but instead, was a result of compromised user accounts on other platforms.

According to the notice by NortonLifeLock, in a post on the Office of the Vermont Attorney General's website

Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account."

"This username and password combination may potentially also be known to others."

Read: Tips In Creating A Strong Password That's Hard To Guess But Easy To Remember

More specifically, the notice explains that around December 1, 2022, an attacker used login credentials they bought from the dark web to attempt to log in to Norton customer accounts.

And apparently, they were successful.

The company detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors started trying out credentials they stole in bulk.

NortonLifeLock said that its breach detection systems “alerted us that an unauthorized third party likely has knowledge of the email and password you have been using with your Norton account ( and your Norton Password Manager.”

And on December 22, 2022, after completing its internal investigation, the company revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts.

Making things worse, when the hackers managed to compromise the accounts they targeted, according to Norton, "the unauthorized third party may have viewed your first name, last name, phone number, and mailing address."

A spokesperson for the company said that:

"Our top priority is to help our customers secure their digital lives. Our security team identified a high number of Norton account login attempts indicating credential-stuffing attacks targeting our customers, and we quickly took a variety of actions to help secure our customer’s accounts and their personal information. Systems have not been compromised, and they are safe and operational, but as is all too commonplace in today’s world for bad actors to take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts."
Norton Password Manager

The alert warns users of the Norton Password Manager function that the attackers

Depending on what users keep in their accounts, this could lead to additional online accounts being compromised, the loss of digital assets, the disclosure of secrets, and more.

And because comparable Norton account passwords and Password Manager master keys make it easier for attackers to switch tactics, NortonLifeLock emphasizes that the risk is particularly high for certain users.

The company said that it has changed the Norton passwords on affected accounts in order to prevent attackers from obtaining access to them again in the future.

The company also said that it put additional safeguards in place to thwart the fraudulent tries.

To prevent any similar attacks in the future, NortonLifeLock suggests that users enable two-factor authentication, and accept the its of a credit monitoring service.

While the company didn't disclose the number of affected users, it is said that around 500 million consumers purchased goods and services using Gen Digital’s array of companies.

It's estimated that the attack affected at least 925,000 accounts, both active and dormant.

Read: The Reason Why Using Any Password Manager Is Better Than Not Using Password Manager At All