科技创新!
Identify theft protection service LifeLock reportedly exposed customer email addresses
Symantec's identity theft protection service, LifeLock, has reportedly exposed millions of customer email addresses due to a website bug.
LifeLock's email marketing webpage was taken down briefly after alerted by security journalist and researcher Brian Krebs, who published the flaw on his blog.
SEE ALSO: Google announces its first foray into the security key marketThe vulnerability allowed anyone with a web browser to collect customer email addresses by changing a number in the URL, which is used to unsubscribe from LifeLock's communications.
Each sequential number corresponds to a customer record, and changing that number revealed an email address on the webpage.
Krebs was alerted of the flaw by another researcher, Nathan Reese, who was able to create a script which pulled emails from the website. Reese managed to retrieve 70 emails before stopping.
Tweet may have been deleted
It's an attractive vulnerability to phishers wanting to target LifeLock customers, who come to the service to protect their personal data.
When Mashable attempted access of the flaw, the vulnerability was no longer working, with the webpage requiring an email to unsubscribe from LifeLock's communications.
A Symantec spokesperson explained via email that the "issue was not a vulnerability in the LifeLock member portal."
"The issue has been fixed and was limited to potential exposure of email addresses on a marketing page, managed by a third party, intended to allow recipients to unsubscribe from marketing emails," the statement added.
"Based on our investigation, aside from the 70 email address accesses reported by the researcher, we have no indication at this time of any further suspicious activity on the marketing opt-out page."
Back in 2015, LifeLock paid $100 million to settle Federal Trade Commission contempt charges after failing to secure consumers’ personal data, and allegedly engaging in deceptive advertising.
LifeLock has more than 4.5 million users, according to a 2017 press release. It was acquired by Symantec in 2016 for $2.3 billion.
UPDATE: July 26, 2018, 3:34 p.m. AEST Added a statement from Symantec.
Featured Video For You
Scooby Doo Syndrome (Or why founders need to move on)
友链
外链
互链
Copyright © 2023 Powered by
Identify theft protection service LifeLock reportedly exposed customer email addresses-蜻蜓点水网
sitemap
文章
4191
浏览
6543
获赞
43
热门推荐
Firefighters resuscitate unconscious puppy with special animal O2 mask
You've heard of firefighters saving kittens from trees, but have you ever heard of them saving a pupTrump set aside time during press conference with Theresa May to insult CNN, naturally
Different continent, same old CNN-hating Trump.On Friday, the U.S. president upheld his vendetta agaGoogle cuts off Huawei's Android license amidst U.S.
Be nervous if you're a Huawei customer.Google has reportedly stopped doing business with the ChineseThis 'Harry Potter' themed engagement ring is wand
Ordinary engagement rings are magical enough on their own -- but when you throw in a nod to Harry PoEveryone seems to forget about that time Trump endorsed Eminem for President
A long time ago, in a much simpler time, Eminem ruled the early 2000's, Trump wasn't president, andMeghan Markle's dad opens up about the royal wedding in very honest interview
Ever since the news broke that Prince Harry was dating Suitsactress Meghan Markle, her entire familyHuawei cancels laptop launch because of U.S. ban
Huawei has cancelled its planned launch of a new laptop due to a recently imposed U.S. ban that forbApple fans lose their sh*t for an Apple Watch tip calculator
It's the feature that everyone's dad has been waiting for. At today's WWDC in San Jose, California,Here's what really happens when you call those celeb fundraising lines
When you call in to a celebrity charity fundraising telethon, are George Clooney and his pals reallyScary deepfake tool lets you put words into someone's mouth
If you needed more evidence that AI-based deepfakes are incredibly scary, we present to you a new aAs concern over deepfakes shifts to politics, detection software tries to keep up
Fake faceswap videos haven't overrun the internet or started a world war yet, but there are programmApple’s $6,000 cheese grater is a goddamn revelation
Get a load of this Apple cheese grater. The new Mac Pro, unveiled onstage today at WWDC in San Jose,When Chrissy Teigen puts out the call for ripe bananas, Twitter is ready to help
Leave it to Chrissy Teigen to use her fame to crowdsource for....bananas.The model/cookbook author uU.S. Customs data breach sees traveler photos stolen
Photos of travelers collected by U.S. Customs and Border Protection (CBP) have been compromised in aKristen Bell has a special trick to prevent pruney pool fingers
Nothing comes in between Kristen Bell and a Sunday dip in the pool — not even her hatred of th