Monday, July 30, 2018

LifeLock ID Theft Protection Leak Could Have Aided Identity Thieves



LifeLock's identity theft protection service suffered from a security flaw that put users' identities in jeopardy. The event forced its parent company, Symantec, to pull its website down to fix the issue after it was notified by KrebsOnSecurity. According to Krebs, an Atlanta-based security researcher discovered the vulnerability through a newsletter email he received from the service. Upon clicking "unsubscribe," a page that clearly showed his subscriber key popped up. That allowed the researcher to write a script that sequences numbers, which was able to pull keys and their corresponding email addresses from the service.
--



No comments:

Post a Comment

Note: Only a member of this blog may post a comment.