您现在的位置是:半岛新闻网 > 资讯
Identify theft protection service LifeLock reportedly exposed customer email addresses
半岛新闻网2024-09-22 09:30:02【资讯】8人已围观
简介Symantec's identity theft protection service, LifeLock, has reportedly exposed millions of customer
Symantec's identity theft protection service, LifeLock, has reportedly exposed millions of customer email addresses due to a website bug.
LifeLock's email marketing webpage was taken down briefly after alerted by security journalist and researcher Brian Krebs, who published the flaw on his blog.
SEE ALSO:Google announces its first foray into the security key marketThe vulnerability allowed anyone with a web browser to collect customer email addresses by changing a number in the URL, which is used to unsubscribe from LifeLock's communications.
Each sequential number corresponds to a customer record, and changing that number revealed an email address on the webpage.
Krebs was alerted of the flaw by another researcher, Nathan Reese, who was able to create a script which pulled emails from the website. Reese managed to retrieve 70 emails before stopping.
Tweet may have been deleted
It's an attractive vulnerability to phishers wanting to target LifeLock customers, who come to the service to protect their personal data.
When Mashable attempted access of the flaw, the vulnerability was no longer working, with the webpage requiring an email to unsubscribe from LifeLock's communications.
A Symantec spokesperson explained via email that the "issue was not a vulnerability in the LifeLock member portal."
"The issue has been fixed and was limited to potential exposure of email addresses on a marketing page, managed by a third party, intended to allow recipients to unsubscribe from marketing emails," the statement added.
"Based on our investigation, aside from the 70 email address accesses reported by the researcher, we have no indication at this time of any further suspicious activity on the marketing opt-out page."
Back in 2015, LifeLock paid $100 million to settle Federal Trade Commission contempt charges after failing to secure consumers’ personal data, and allegedly engaging in deceptive advertising.
LifeLock has more than 4.5 million users, according to a 2017 press release. It was acquired by Symantec in 2016 for $2.3 billion.
UPDATE: July 26, 2018, 3:34 p.m. AEST Added a statement from Symantec.
Featured Video For You
Scooby Doo Syndrome (Or why founders need to move on)
很赞哦!(53352)
相关文章
- Google Gemini now allows AI
- Twitter gets a win in lawsuit against U.S. government for right to reveal data requests
- S. Korea mulling various measures to intensify pressure on NK: foreign ministry
- Moon calls for all
- 雅安市第四人民医院:工娱治疗让患者康复之路充满希望
- Elon Musk: Tesla Battery Day tech won't be mass produced until 2022
- Dude discovers his airport selfie with Jessica Alba is displayed in a deli he's never been to
- Moon to meet ruling, opposition leaders over N. Korea late Wednesday
- By a technicality, August's full moon is blue. Here's why.
- Tesla EVs cost too much, so drivers turn to car
热门文章
站长推荐
NCT member Taeil leaves band over sexual offense allegations
我市农网改造工程获中央预算内投资1.5亿元
McIlroy rings changes in quest for elusive Masters win
US, NK brinksmanship brings warning of ‘unpredictable nosedive’
Gastro Obscura's Guide to Where to Eat in Nashville
Meet Carrie Bradshaw's biggest critic
紫光阁元勋画像“骁勇王国”的统帅和勇士
Stable and scalable photo