LifeLock Bug Leaked Customers’ Email Addresses Online


Sometimes a small glitch can expose millions of customers to attack. This recently happened to LifeLock customers, although fortunately no harm has been reported so far. The LifeLock bug could potentially have leaked millions of customers’ email addresses online, although the company disputes the number of people affected. After being notified of the glitch, the firm fixed the bug.

LifeLock Bug Leaked Customers’ Email Addresses

A freelance security researcher contacted KrebsOnSecurity to report a bug in LifeLock’s website. According to the researcher, Nathan Reese, the LifeLock bug could have leaked the email addresses of millions of its customers.

Reportedly, the glitch could have allowed attackers to harvest millions of LifeLock customers’ email addresses through the website. Reese noticed the flaw after receiving an email from LifeLock about renewing his membership. Since he wasn’t interested, he clicked the unsubscribe link, and that is how he discovered the flaw.

“Clicking the ‘unsubscribe’ link at the bottom of the email brought up a page showing his subscriber key. From there, Reese said, he wrote a proof-of-concept script that began sequencing numbers and pulling down email addresses. Reese said he stopped the script after it enumerated approximately 70 emails because he didn’t want to set off alarm bells at LifeLock.”

 


Commenting on his findings, Reese said,

“If I were a bad guy, I would definitely target your customers with a phishing attack because I know two things about them. That they’re a LifeLock customer and that I have those customers’ email addresses.”

Ironically, LifeLock, a cybersecurity firm owned by Symantec, sells identity protection to its customers.

LifeLock Fixed The Bug

After LifeLock was notified about the bug, it immediately took action: it took the website down for maintenance and fixed the bug. After the original article was published, Symantec released the following statement in response to the incident.

“This issue was not a vulnerability in the LifeLock member portal. The issue has been fixed and was limited to potential exposure of email addresses on a marketing page, managed by a third party, intended to allow recipients to unsubscribe from marketing emails. Based on our investigation, aside from the 70 email address accesses reported by the researcher, we have no indication at this time of any further suspicious activity on the marketing opt-out page.”
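Neither report says how the opt-out page was changed. As an added example (not LifeLock's or its vendor's code), the Python sketch below contrasts a page that looks up a record by a guessable sequential key with one that only accepts a link carrying an HMAC tag; the subscriber data, secret and function names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: sequential subscriber keys mapped to addresses.
SUBSCRIBERS = {
    1001: "alice@example.com",
    1002: "bob@example.com",
    1003: "carol@example.com",
}

# Assumption: a server-side secret that never appears in any link.
LINK_SECRET = secrets.token_bytes(32)


def weak_unsubscribe_page(subscriber_key):
    """Pattern described in the article: the key alone selects the record and
    the page shows the address, so neighbouring keys reveal other customers."""
    return SUBSCRIBERS.get(subscriber_key)


def make_token(subscriber_key, secret=LINK_SECRET):
    """Value placed in the e-mailed link: the key plus an HMAC-SHA256 tag."""
    tag = hmac.new(secret, str(subscriber_key).encode(), hashlib.sha256).hexdigest()
    return f"{subscriber_key}.{tag}"


def hardened_unsubscribe(token, secret=LINK_SECRET):
    """Verify the tag before touching the record, and never echo the address."""
    key_text, sep, tag = token.partition(".")
    if not sep or not (key_text.isascii() and key_text.isdecimal()):
        return False
    expected = hmac.new(secret, key_text.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; a changed key invalidates the tag.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    return int(key_text) in SUBSCRIBERS  # caller then marks the record opted out
```

The hardened handler returns only success or failure, so even a valid link discloses nothing beyond what its recipient already knows.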

Website glitches and vulnerabilities that potentially expose customers’ information are not new. A few days ago, we reported a similar flaw in the website of Telefonica’s Movistar that exposed extensive customer details.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!
