NortonLifeLock announced that over the past few weeks, attackers have managed to compromise the accounts of thousands of users of the Norton Password Manager password manager. The company is currently sending notifications to customers affected by this incident.

According to reports, the incident was not due to any vulnerability in the company's IT systems or software. The notification says that the attackers carried out a massive credential spoofing attack, i.e. tried to log in to the password manager with data obtained from third-party sources, possibly in the course of other information leaks. Simply put, the attackers tested the possibility of authorization in Norton Password Manager with user data from other accounts.

It is noted that carrying out such an attack was impossible if all users of the password manager used the two-factor authentication function, which does not allow access to data only with a password. Regarding the incident, it is said that on December 12, Norton specialists recorded an unusually large number of unsuccessful authorization attempts in the system. An internal investigation, which was conducted after the actions of the attackers were identified, showed that the first attacks with credential substitution began on December 1.

According to the source, Gen Digital, a subsidiary of NortonLifeLock, sent out 6,450 notices to customers whose accounts were affected in this incident. Another source reports that the attackers could have attacked about 925,000 active and inactive customer accounts of the company. Customers have been notified that attackers may have accessed usernames and passwords, as well as personal information such as full names, phone numbers, and email addresses. The company strongly encourages users to use two-factor authentication to avoid similar incidents in the future.