Cyber Incident Victim: Gen Digital

Date: Dec 2022

Location: United States of America

Summary

Gen Digital (formerly NortonLifeLock) experienced a credential-stuffing attack in which threat actors used compromised credentials from external sources such as the dark web to gain unauthorized access to user accounts. The attackers tested username-password combinations over a three-week period, successfully compromising some accounts and potentially accessing first names, last names, phone numbers, and email addresses. For users of Norton's password manager with reused or similar master passwords, stored credentials may have been exposed. The company confirmed that its own systems were not breached, reset affected account passwords, implemented login attempt throttling measures, and offered credit monitoring services to impacted customers.

Description

In early December 2022, Gen Digital (operating as NortonLifeLock) detected unauthorized attempts to access Norton customer accounts through credential-stuffing attacks. Between December 1 and December 22, attackers systematically tested stolen username-password combinations sourced from external platforms such as darknet markets rather than from Norton's own systems. The company first observed anomalous login activity on December 12, when technicians identified an unusually high volume of failed authentication attempts. Subsequent investigation confirmed that threat actors had successfully compromised some accounts during this period through brute-force methods. While Norton's infrastructure remained uncompromised, attackers obtained valid credentials for certain user accounts by testing these externally sourced credentials.

The confirmed breaches exposed affected customers' first names, last names, phone numbers, and email addresses. For users of Norton's password manager service, Gen Digital warned that attackers could potentially access stored credentials if victims reused or slightly modified their Norton account password for the password manager vault. In response, the company proactively reset Norton account passwords for impacted users to prevent further unauthorized access. Security teams implemented additional countermeasures including potential fail2ban-style IP blocking mechanisms to throttle repeated login attempts. Affected customers received notifications advising password changes across all accounts sharing credentials with their Norton login and were offered complimentary credit monitoring services. The delayed notification timeline was explicitly stated as unrelated to law enforcement investigations, though no specific rationale was provided for the communication lag between the December 22 investigation conclusion and subsequent customer alerts.
