Technology
Identify theft protection service LifeLock reportedly exposed customer email addresses
Symantec’s identity theft protection service, LifeLock, has reportedly exposed millions of customer email addresses due to a website bug.
LifeLock’s website was taken down briefly after alerted by security journalist and researcher Brian Krebs, who published the flaw on his blog.
The vulnerability allowed anyone with a web browser to collect customer email addresses by changing a number in the URL, which is used to unsubscribe from LifeLock’s communications.
Each sequential number corresponds to a customer record, and changing that number revealed an email address on the webpage.
Krebs was alerted of the flaw by another researcher, Nathan Reese, who was able to create a script which pulled emails from the website. Reese managed to retrieve 70 emails before stopping.
It’s an attractive vulnerability to phishers wanting to target LifeLock customers, who come to the service to protect their personal data.
When Mashable attempted access of the flaw, the vulnerability was no longer working, with the webpage requiring an email to unsubscribe from LifeLock’s communications.
Back in 2015, LifeLock paid $100 million to settle Federal Trade Commission contempt charges after failing to secure consumers’ personal data, and allegedly engaging in deceptive advertising.
LifeLock has more than 4.5 million users, according to a 2017 press release. It was acquired by Symantec in 2016 for $2.3 billion.
Symantec has been contacted for further comment.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}
-
Business7 days ago
Tesla’s new growth plan is centered around mysterious cheaper models
-
Business6 days ago
Xaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
-
Business6 days ago
UK probes Amazon and Microsoft over AI partnerships with Mistral, Anthropic, and Inflection
-
Entertainment4 days ago
Summer Movie Preview: From ‘Alien’ and ‘Furiosa’ to ‘Deadpool and Wolverine’
-
Business5 days ago
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
-
Business4 days ago
How Rubrik’s IPO paid off big for Greylock VC Asheem Chandna
-
Entertainment3 days ago
What’s on the far side of the moon? Not darkness.
-
Business4 days ago
Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal