Identity theft protection service reportedly exposes millions of customer email addresses

Please follow and like us:

LifeLock has actually a reported vulnerability which exposed client e-mail addresses.
Image: Getty Images

Symantec’s identity theft security service, LifeLock, has actually apparently exposed countless client e-mail addresses due to a site bug.

LifeLock’s e-mail marketing website was removed quickly after notified by security reporter and scientist Brian Krebs, who released the defect on his blog site.

The vulnerability permitted anybody with a web internet browser to gather client e-mail addresses by altering a number in the URL, which is utilized to unsubscribe from LifeLock’s interactions.

Each consecutive number represents a consumer record, and altering that number exposed an e-mail address on the website.

Krebs looked out of the defect by another scientist, Nathan Reese, who had the ability to produce a script which pulled e-mails from the site. Reese handled to recover 70 e-mails prior to stopping.

It’s an appealing vulnerability to phishers wishing to target LifeLock clients, who pertain to the service to secure their individual information.

When Mashable attempted gain access to of the defect, the vulnerability was not working, with the web page needing an e-mail to unsubscribe from LifeLock’s interactions.

A Symantec representative discussed through e-mail that the “concern was not a vulnerability in the LifeLock member website.”

“The concern has actually been repaired and was restricted to possible direct exposure of e-mail addresses on a marketing page, handled by a 3rd party, planned to enable receivers to unsubscribe from marketing e-mails,” the declaration included.

“Based on our examination, aside from the 70 e-mail address gain access to reported by the scientist, we have no sign at this time of any additional suspicious activity on the marketing opt-out page.”

Back in 2015, LifeLock paid $100 million to settle Federal Trade Commission contempt charges after cannot protect customers ’ individual information, and apparently participating in misleading marketing.

LifeLock has more than 4.5 million users, inning accordance with a 2017 news release. It was gotten by Symantec in 2016 for $2.3 billion.

UPDATE: July 26, 2018, 3:34 p.m. AEST Added a declaration from Symantec.

Read more:

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *

six + eleven =

You can see who we've worked with near you that you might know for a reference by browsing our hierarchical portfolio directory below. For video marketing, cities we serve include There was an error with contacting the service. Please check your Best Local SEO Tools settings like the state *full name* and city name. Some cities may cause bugs because they are not in our database. If that is the case,
%d bloggers like this: