Skip to Content
Norton data breach
© Weerapat Kiatdumrong | Dreamstime.com
Security & privacy

Norton customer breach: Were your passwords stolen?

No companies appear to be safe when it comes to cybersecurity. Online sports betting service DraftKings recently suffered a data breach, while a healthcare system exposed the details of over 3 million users.

Things just got more frightening as we found out a popular cybersecurity company suffered a massive data breach. When a service in charge of protecting your digital life is breached, it’s time to take action.

Read on for details on this scary breach and a few ways to protect your information.

Here’s the backstory

Credential stuffing is a popular technique for cybercriminals. So, what is credential stuffing? It’s when criminals take stolen usernames and passwords and use bots to inject them into other websites, hoping to gain access to accounts. The stolen credentials are often posted on the Dark Web, making it easy for thieves to get their hands on them.

Credential stuffing attacks are successful when a victim uses the same password on multiple online accounts. If a thief has compromised credentials from one site, they can use them to infiltrate another that uses the same password. That’s why it’s critical to have strong, unique passwords for every online account.

Norton LifeLock recently suffered a data breach, and the company says its system wasn’t at fault. It claims the breach was the result of a credential-stuffing attack. At any rate, thousands of users’ details were exposed.

In a notice sent to impacted users, the company explains that “our systems were not compromised. However, we strongly believe that an unauthorized third-party knows and has utilized your username and password for your account.”

It’s believed that as many as 925,000 inactive and active accounts were compromised. Stolen data includes first names, last names, phone numbers, and mailing addresses.

How to protect against data breaches

The first thing you must do is change your Norton LifeLock account password. Next, ensure all of your online accounts have unique passwords. Don’t use the same password for multiple accounts.

Here are some other tips that will help you to stay safe online:

  • Change your passwords regularly – Do this at least once every few months. If you haven’t done so, you should change your Norton LifeLock master password ASAP. Tap or click here for tips to create stronger passwords.
  • Never use the same password for multiple accounts – Through credential stuffing, hackers use stolen passwords on different services, hoping to find duplications. Norton claims this is what happened in this breach.
  • Where available, always use two-factor authentication (2FA) – This additional security measure makes it difficult for hackers to break into accounts without the security code sent to your phone or an authentication app. Tap or click here for more details on 2FA.
  • Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

Norton renewal email scam: Keep an eye out for this phony invoice

Antivirus warning: What to do if you see this warning from McAfee

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook