首页 新闻中心 Identify theft protection service LifeLock reportedly exposed customer email addresses正文

Identify theft protection service LifeLock reportedly exposed customer email addresses

新闻中心 2024-09-22 08:27:55 75

Symantec's identity theft protection service, LifeLock, has reportedly exposed millions of customer email addresses due to a website bug.

LifeLock's email marketing webpage was taken down briefly after alerted by security journalist and researcher Brian Krebs, who published the flaw on his blog.

SEE ALSO:Google announces its first foray into the security key market

The vulnerability allowed anyone with a web browser to collect customer email addresses by changing a number in the URL, which is used to unsubscribe from LifeLock's communications.

Each sequential number corresponds to a customer record, and changing that number revealed an email address on the webpage.

Krebs was alerted of the flaw by another researcher, Nathan Reese, who was able to create a script which pulled emails from the website. Reese managed to retrieve 70 emails before stopping.

It's an attractive vulnerability to phishers wanting to target LifeLock customers, who come to the service to protect their personal data.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

When Mashable attempted access of the flaw, the vulnerability was no longer working, with the webpage requiring an email to unsubscribe from LifeLock's communications.

A Symantec spokesperson explained via email that the "issue was not a vulnerability in the LifeLock member portal."

"The issue has been fixed and was limited to potential exposure of email addresses on a marketing page, managed by a third party, intended to allow recipients to unsubscribe from marketing emails," the statement added.

"Based on our investigation, aside from the 70 email address accesses reported by the researcher, we have no indication at this time of any further suspicious activity on the marketing opt-out page."

Back in 2015, LifeLock paid $100 million to settle Federal Trade Commission contempt charges after failing to secure consumers’ personal data, and allegedly engaging in deceptive advertising.

LifeLock has more than 4.5 million users, according to a 2017 press release. It was acquired by Symantec in 2016 for $2.3 billion.

UPDATE: July 26, 2018, 3:34 p.m. AEST Added a statement from Symantec.

Featured Video For You
Scooby Doo Syndrome (Or why founders need to move on)
本文地址:http://r.zzzogryeb.bond/html/5a699473.html
版权声明

本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。

相关文章

热门文章

热门标签

全站热门

PCB official under probe for conflict of interest

汉源警方捣毁贩毒吸毒盗窃团伙 46名涉案人员落网

Karachi is now a peaceful city where sports are thriving: CM Murad

Democrats will propose bill closing background check loopholes; it will likely fail.

17 Spectacular Outdoor Staircases

Amazon deals of the day: Google Pixel Fold, Blink Outdoor 4, Bose S1 Pro+, and Google Nest Cam

Trump pressured to raise North Korea's human rights issues

Best monitor deals: Get discounted Samsung monitors at Amazon

热门文章

友情链接

©2024  Powered By 基督教福音影视网 -  网站地图

本站的部分内容来源于互联网,如不慎侵犯到您的权益,请联系我们,我们会在36小时内删除。

×