An IT security researcher noted that unsubscribing from LifeLock’s newsletter revealed subscriber’s key.Upon further digging the researcher found out that key number is sequential and with the help of script written by himself he could extract keys and corresponding email addresses of every LifeLock subscribers
This is not the first time that LifeLock has done such a blunder. In 2014, the company pulled its Wallet app from availability and deleted all user data after it was revealed that the app may not be following standard security protocol.
Last year, a vulnerability in LastPass password manager allowed hackers to steal its customers’ login credentials. Moreover, in June 2017, OneLogin password manager suffered a cyber attack in which personal data of millions of users was stolen.
https://www.hackread.com/identity-theft-protection-firm-lifelock-exposed-user-emails/
This is not the first time that LifeLock has done such a blunder. In 2014, the company pulled its Wallet app from availability and deleted all user data after it was revealed that the app may not be following standard security protocol.
Last year, a vulnerability in LastPass password manager allowed hackers to steal its customers’ login credentials. Moreover, in June 2017, OneLogin password manager suffered a cyber attack in which personal data of millions of users was stolen.
https://www.hackread.com/identity-theft-protection-firm-lifelock-exposed-user-emails/
No comments:
Post a Comment