
LifeLock Website Taken Offline Temporarily Due To Security Flaw

LifeLock, the provider of online identity protection, took its website offline on Wednesday (July 25) after Brian Krebs, the security researcher, disclosed a design flaw that enables email addresses of subscribers to be harvested. In 2016, Symantec acquired LifeLock, which had 4.5 million customers as of the beginning of 2017.

Fortune reported that Krebs was alerted to the flaw by Nathan Reese, another researcher. According to the report, the subscription management page on LifeLock's website uses a simple sequential account number that, when modified, shows the email address of the user matching that account number. That would enable hackers to harvest emails and launch phishing campaigns pretending to be from LifeLock.

While there isn't evidence that this happened, Fortune noted that Reese was able to get 70 email addresses without being locked out. After Krebs contacted Symantec, the site was taken offline. When it came back online, users were required to input a valid email address; the page no longer accepts a user ID alone.
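The flaw and the fix described above, sketched as an added example (not code from LifeLock, Symantec or the third-party vendor): a lookup keyed only on a sequential ID next to one that requires the matching email address and never echoes it back. The subscriber records, function names and the per-client failure limit are assumptions made for illustration; the article only says that the researcher was not locked out.

```python
import hmac
from collections import defaultdict

# Constructed sample records: sequential subscriber IDs mapped to emails.
SUBSCRIBERS = {
    1001: "alice@example.com",
    1002: "bob@example.com",
    1003: "carol@example.com",
}
MAX_FAILURES = 5               # assumed lockout threshold per client
_failures = defaultdict(int)   # failed lookups per client identifier


def lookup_before(subscriber_id):
    """Reported behaviour: the ID alone selects the record and the
    page shows the matching email address."""
    email = SUBSCRIBERS.get(subscriber_id)
    if email is None:
        return {"status": 404}
    return {"status": 200, "email": email}


def lookup_after(client, subscriber_id, supplied_email):
    """Behaviour after the fix: the caller must supply the email that
    belongs to the ID, and the response never contains an address."""
    if _failures[client] >= MAX_FAILURES:
        return {"status": 429}  # stop serving a client that keeps guessing
    stored = SUBSCRIBERS.get(subscriber_id, "")
    supplied = supplied_email.strip().lower()
    # Same answer for an unknown ID and a wrong email, so the response
    # does not confirm which account numbers exist.
    ok = bool(stored) and hmac.compare_digest(stored.encode(), supplied.encode())
    if not ok:
        _failures[client] += 1
        return {"status": 403}
    return {"status": 200}


def emails_disclosed(responses):
    """Regression check: every address that leaked into a set of responses."""
    return [r["email"] for r in responses if "email" in r]
```

Running the same range of IDs through both functions shows the difference: the first returns an address for every valid ID, the second returns none and stops answering after the assumed failure limit.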

“This issue was not a vulnerability in the LifeLock member portal,” a Symantec spokesperson said in a statement provided to Fortune. “The issue has been fixed and was limited to potential exposure of email addresses on a marketing page, managed by a third party, intended to allow recipients to unsubscribe from marketing emails. Based on our investigation, aside from the 70 email addresses reported by the researcher, we have no indication at this time of any further suspicious activity on the marketing opt-out page.”

In February of 2017, Symantec announced the closing of the $2.3 billion deal to buy LifeLock. At the time, the company said that more than one-third of Americans and more than 650 million people globally were victims of cybercrime in 2016 alone, making digital safety a top concern for consumers. In fact, it is an estimated $10 billion market.


