Identity theft protection service reportedly exposes millions of customer email addresses

Brian Krebs

LifeLock has a reported vulnerability which exposed customer email addresses.
Image: Getty Images

Symantec’s identity theft protection service, LifeLock, has reportedly exposed millions of customer email addresses due to a website bug.

LifeLock’s email marketing webpage was taken down briefly after alerted by security journalist and researcher Brian Krebs, who published the flaw on his blog.

The vulnerability allowed anyone with a web browser to collect customer email addresses by changing a number in the URL, which is used to unsubscribe from LifeLock’s communications. 

Recommended For You

MailPrimo Pro

World's No.1 and Most Powerful Cloud Based Email Marketing Software to STOP Losing Leads, STOP Paying Heavy Monthly Fees and Generate More Leads, Get Better Delivery, More Opens and Clicks completely hassle free...

Lead2List Elite Monthly

Leads2list captures leads from Facebook as per the niche you have set in. These leads are sought in a perfectly legit manner and rest assured the process is 100% GDPR complaint.Once the leads have been harvested Leads2list then feeds them straight into

Memester Ace Yearly

Memester Ace can support 12 Facebook Groups. Facebook Groups support is not available in the elite version.You also get the capability to work with higher caps.The Memester Ace Version can integrate with 25 Facebook Pages, 8 Facebook Profiles, 10 Twitt

Each sequential number corresponds to a customer record, and changing that number revealed an email address on the webpage.

Krebs was alerted of the flaw by another researcher, Nathan Reese, who was able to create a script which pulled emails from the website. Reese managed to retrieve 70 emails before stopping. 

It’s an attractive vulnerability to phishers wanting to target LifeLock customers, who come to the service to protect their personal data. 

When Mashable attempted access of the flaw, the vulnerability was no longer working, with the webpage requiring an email to unsubscribe from LifeLock’s communications.

Recommended For You

StockKosh Reseller Premium 100

100 StockKosh Reseller Accounts. Resell them and earn as much money as you want.

Special Repwarn Resellers Monthly Account

Repwarn Resellers Account Monthly Subscription. Allowing you to sell Repwarn Software.

SociDeck Elite

SociDeck is a feature-packed social media management software that converts social conversations into conversions by allowing users to manage their 3 biggest social media accounts- Facebook, Twitter and Instagram at one place.

A Symantec spokesperson explained via email that the “issue was not a vulnerability in the LifeLock member portal.” 

“The issue has been fixed and was limited to potential exposure of email addresses on a marketing page, managed by a third party, intended to allow recipients to unsubscribe from marketing emails,” the statement added. 

“Based on our investigation, aside from the 70 email address accesses reported by the researcher, we have no indication at this time of any further suspicious activity on the marketing opt-out page.”

Back in 2015, LifeLock paid $100 million to settle Federal Trade Commission contempt charges after failing to secure consumers’ personal data, and allegedly engaging in deceptive advertising. 

LifeLock has more than 4.5 million users, according to a 2017 press release. It was acquired by Symantec in 2016 for $2.3 billion. 

UPDATE: July 26, 2018, 3:34 p.m. AEST Added a statement from Symantec.

WATCH: Scooby Doo Syndrome (Or why founders need to move on)

Federal Trade Commission

Recommended For You

Know WP - Special Offer

Step-By-Step Wordpress Video Training

VideoPal Deluxe Monthly Upgrade

Instantly Unlock Five Additional Avatars and Premium Voices With VideoPal Deluxe. You Also Get Excusive Access To New Avatars Each Month, Priority Upgrades, and VIP support.

Original Article : HERE ; This post was curated & posted using : RealSpecific

Thank you for taking the time to read our article.

If you enjoyed our content, we'd really appreciate some "love" with a share or two.

And ... Don't forget to have fun!

Recommended Products

EZ Spokesperson Creator - Pro Creations

Your own digital agency complete with dozens of easy to edit animated videos.

Clickopia Unlimited (Unlimited Monthly Clicks)

Clickopia Unlimited Click Tracking Service - Monthly service with a one-time price. Track unlimited links for up to unlimited clicks per month.

Leave a Reply