NortonLifeLock

Reusing passwords for multiple accounts can lead to password compromise, unauthorized account access, cyberattacks, and data breaches. Gen Digital, formerly Symantec Corporation and NortonLifeLock, notified customers of breached Norton Password Manager accounts in credential stuffing attacks as a result of compromised accounts on other platforms. NortonLifeLock believed an unauthorized third party acquired username and password combinations from the dark web around December 1 and utilized them in bulk to gain access to Norton accounts, which was detected after an unusually large number of failed login attempts on December 12. The credential stuffing attacks compromised thousands of accounts with potential access to first names, last names, phone numbers, mailing addresses, and possibly data stored in private vaults. This information could be used to compromise other accounts, steal digital assets, reveal secrets, and more. NortonLifeLock reset passwords for impacted accounts, advised enabling MFA, and offered a credit monitoring service. Impacted users who suspect their personally identifiable information (PII) has been compromised should review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources.