“Thousands of people using Norton password manager started receiving alerts via email this month notifying them that a third party may have access to their personal information and passwords access that they have stored", reports CNET.
"Gen Digital, Norton's parent company, said the security incident was the result of a credential-stuffing attack and not an actual breach of the company's internal systems."
The services cyber securityGen Digital has 500 million users — of which about 925.000 are active, and may have been targeted in the attack, a Gen Digital representative told CNET via email.
Norton's intrusion detection systems detected an unusual number of failed login attempts on December 12, the company said in its statement. Upon further investigation, around December 22, Norton was able to determine that the attack began around December 1.
"Norton immediately notified both the authorities and its customers once the team was able to confirm that data was accessed from the attack."
Personal data that may have been compromised includes Norton users' full names, phone numbers, and mailing addresses.
Norton also said it "cannot rule out" that password manager data, such as user usernames and passwords, was compromised in the attack.