What if someone whom you trust the most starts revealing your truth to everybody? We know it will be no less than a nightmare. The same is happening with GenDigital and NortonLifeLock which is sending data breach notifications to customers. Basically, this notification notifies them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.
A letter sample has been shared with the Office of the Vermont Attorney General that says the breach is not the reason attack but account compromise is the reason for the attack. Despite this attack, NortonLifeLock has not accepted the compromise of its own system but unauthorized third-party access.
One of the shocking things that came out of the letter is that usernames and passwords are available to be bought on the dark web when a user committed to accessing an account. The firm is trying very hard to cope with this situation by deleting the failed login attempt for a few days.
According to Bleeping Computer, Their internal investigation has revealed that a credentials-stuffing attack has led to the disclosure of users’ account details.
Source link