Norton, a leading provider of online security solutions, confirmed that a security breach has occurred, affecting a number of its customers’ accounts. The unauthorized third party may have accessed customers’ personal information, including first name, last name, phone number, and mailing address. The company also revealed that the hack may have targeted Norton Password Manager and exposed the data stored there.
In response to the incident, Norton promptly reset affected customers’ passwords to prevent further attempts by the unauthorized third party to access their accounts. The company also implemented multiple countermeasures to thwart the hackers’ efforts and protect customers’ data.
“We care deeply about our customers’ cyber safety and work to provide the best security for their data,” said Norton in their email. “That’s why we’re offering a credit monitoring service and strongly encourage our customers to use multi-factor authentication.”
The company advises all its customers to change their passwords, not only on Norton but also on other sites where they may have used the same password. It also encourages customers to practice good password hygiene, such as regularly changing passwords, not using the same password more than once, and using unique and complex passwords.
Customers who have concerns about the security breach or who would like more information about the credit monitoring service can contact Norton’s customer service team at norton_escalation@gendigital.com or call them toll-free at 1-800-607-8094.
Earlier this week, Norton sent an email to its customers which is shared below:
Dear Valued Customer,
We are writing to notify you of an incident involving your Norton account which has impacted your personal information.
Norton has intrusion detection systems in place to protect our customers and their data. These systems alerted us that an unauthorized third party likely has knowledge of the email and password you have been using with your Norton account (login.norton.com) and your Norton Password Manager. We recommend you change your passwords with us and elsewhere immediately.
What happened
On December 12, 2022, we detected an unusually large volume of failed logins to customer accounts. We quickly took steps to investigate, and we determined that, beginning around December 1, 2022 until around December 22, 2022, an unauthorized third party had used a list of usernames and passwords obtained from another source, such as the dark web, to attempt to log into Norton customer accounts. Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account. This username and password combination may potentially also be known to others.
What information was involved
In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address. Our records indicate that you utilize our Norton Password Manager feature and we cannot rule out that the unauthorized third party also obtained details stored there especially if your Password Manager key is identical or very similar to your Norton account password. If your data has been accessed, the unauthorized third party could make this data available to other unauthorized parties or use the password and email combination to try to access your other online accounts.
What are we doing
To protect you best, early in our investigation, we quickly reset your Norton password in order to prevent additional attempts to access your account by the unauthorized third party. In addition, we took numerous measures to counter the efforts of these unauthorized third parties and to impede their efforts to validate credentials and access accounts. We care deeply about your Cyber Safety and work to provide the best security for your data, such as offering multi-factor authentication which we strongly encourage you to use. We are also making a credit monitoring service available to you. If you would like additional information about this incident, or information on credit monitoring please contact our customer service team (contact details below). This notification was not delayed as a result of a law enforcement investigation.
What you can do
We recommend urgently changing your password, not only with Norton, but also on all other sites where you may have used the same password. All passwords stored in Norton Password Manager should immediately be changed.
Practicing password hygiene — such as changing passwords on a regular basis, not using the same password more than once, and using unique and complex passwords— is highly recommended and makes it less likely an unauthorized third party could gain access to accounts across services that use the same password. We also recommend implementing two-factor authentication for an added layer of security.
For more information
If you would like additional information about this incident, or information about credit monitoring, please contact us at norton_escalation@gendigital.com or call us toll-free at 1-800-607-8094.- Your Norton Team
Norton Support
Related stories:
- Lastpass users seek revenge with class-action lawsuit after devastating breach
- Massive Twitter Data Breach Affects 200 Million Users
- Uber suffers another ‘Data Breach’
You can also follow the story on Reddit
