On January 10, security software company Norton, in a notification to the Vermont Attorney General’s office, shared that it had detected an unauthorised third party logging into its customers’ accounts. The intrusion was first detected by Norton on Dec. 12.
The hackers obtained the usernames and passwords from the dark web to log into the customers’ accounts, Norton said. Through this, hackers could also break into the users’ password manager and access even more sensitive information, the company added. The company, however, claimed that its own systems were not compromised.
What are password managers?
Password managers are programs designed to store passwords for local applications and online services, allowing users to save their password information securely. Most password managers work online or are web-based, and store information in an encrypted format in a cloud storage solution that allows users to access their stored passwords on multiple devices.
Offline password managers, on the other hand, are installed on a device and act like a vault within the device to store information. They can be accessed using a key password, and information from them must be manually transferred when using a different device. Some password managers also come with the ability to suggest strong passwords, making it easier for users to keep their accounts safe.
Most tech companies that provide a wide range of services, such as Google and Apple, have their own password managers that enable users to save their information and autofill login credentials when they visit websites.
Most password managers also store sensitive information like name, address and even payment details to autofill on web forms.
What happened with Norton’s Password Manager?
Norton, in its notification, shared that while its own systems were not compromised, attackers hacked the login credentials of its users to access their accounts. They had access to users’ full names, phone numbers and mailing addresses.
Norton also said that the hackers could use this information to log into its password manager if its key was identical to the main account password. This could enable them to access even more sensitive information.
Norton asked its users to reset their passwords to prevent additional leaks and said it is making efforts to counter the threat from the data leak.
How does a breach in a password manager impact users?
As seen in the case of the data breach with Norton’s password manager, leaked information on the dark web can be used by attackers to access information within the password manager. Such leaks could happen due to weak security in services or websites that users visit.
Since password managers, like other online services, require users to input their master password to access the data within, using the same or a similar password on other websites could lead to a breach in the password manager.
And since the information stored within the password manager includes sensitive data points like usernames and passwords for different websites, it could be used by hackers to even access account and payment information of users.
How can users secure their password manager?
While there is no fool-proof method of preventing data leaks, users can take certain steps that could lower the risk of their data being compromised. They should always ensure that they do not have one password for all their accounts, activate two-factor authentication and ensure that none of their passwords match the key that lets them access their password manager.
Some password managers also provide information on compromised passwords stored within them that may have been leaked. Users can regularly check for such information and update their passwords accordingly.
Users should also be wary of visiting suspicious websites and ensure that all the software they use is running the latest security patches from its publishers.