Blog

Lifelock Customers At Risk Of Email Information Exposure

Aug 8, 2018 | Blog

A dark day for Lifelock, the Identity Theft Protection company.  It has recently come to light that the company may have accidentally exposed their customers to additional attacks.

They recently fixed a vulnerability on their website that allowed anyone with a browser to index email addresses associated with their entire customer database. The vulnerability can even unsubscribe users from company communications designed to keep them safe and keep them apprised of changes they need to be aware of.

In addition to that, the vulnerability made it possible for hackers to initiate highly targeted phishing campaigns and create a convincing spoof of the Lifelock brand.

Symantec, which purchased Lifelock in late 2016, took the company’s website offline not long after being contacted by KrebsOnSecurity, which is how they became aware of the vulnerability.

Krebs was made aware of it by Nathan Reese, a freelance security consultant based out of Atlanta.  Nathan put together a proof of concept script that was capable of downloading the email addresses of all 4.5 million of Lifelock’s customers and then presented it to Krebs.

Reece aborted his script after downloading 70 emails so as not to set off alarm bells at Lifelock, and had this to say about his discovery:

“If I were a bad guy, I would definitely target your customers with a phishing attack because I know two things about them.  That they’re a LifeLock customer and that I have those customers’ email addresses.  That’s a pretty sharp spear for my spear phishing right there.  Plus, I definitely think the target market of LifeLock is someone who is easily spooked by the specter of cybercrime.”

He’s not wrong, so it’s good that Reece isn’t a bad guy.

There’s no evidence that any hackers were aware of the issue, or made off with any of Lifelock’s customer emails. However, given the existence of the now-patched flaw, it pays to be suspicious of any email that appears to be coming from Lifelock for the short to medium term, at least.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech