Skip to comments.LifeLock Bug Exposed Millions of Customer Email Addresses
Posted on 07/26/2018 8:42:07 AM PDT by snarkpup
Identity theft protection firm LifeLock a company thats built a name for itself based on the promise of helping consumers protect their identities online may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.
The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLocks brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the companys site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.
If I were a bad guy, I would definitely target your customers with a phishing attack because I know two things about them, Reese said. That theyre a LifeLock customer and that I have those customers email addresses. Thats a pretty sharp spear for my spear phishing right there. Plus, I definitely think the target market of LifeLock is someone who is easily spooked by the specter of cybercrime.
(Excerpt) Read more at krebsonsecurity.com ...
In recent weeks, I have almost entirely given up on talk radio in favor of using alternative media. One of the nicest things about this is that I no longer get beaten over the head every few minutes by LifeLock commercials.
I highly doubt that it’s a bug, it smells more like a feature to me.
I dropped them months ago.
Who protects from lifelock?
It’s kinda like the safety spout on my gas can caused me to spill gas on my lawn mower exhaust, causing a fire.
Oh, I’m sure Rush will address this today in his usual 10 minute infomercial.
So did I, when they lined up with the anti-2A Nazis.
I rarely listen to Limbaugh’s show.
Wilkow is much better.
I thought Hannity promoted it instead of Rush.
The reality is that banks - and credit card companies, and Departments of Motor Vehicles nationwide - are in the identity business.
It bothered me a little when a bank employee was apologetic about the hoops I had to jump through to get access to my safe deposit box. I wasnt bothered by the ID check, I was more bothered that she would be bothered about it. I dont want it to be easy for anyone else to get into my safe deposit box.
The reason that Im not in LifeLock is that I blanch at the thought of telling the strangers who work for them absolutely everything they would need to know to rip me off. The news in this article is unfortunate - but, unfortunately, a little too close to inevitable to suit me.
It seems like a bank would be the institution - local, one at which I can personally present - which should be the interface between me and an institution like LifeLock. It needs to present a human face, on the one hand, and OTOH it needs to be nationwide and even worldwide, perhaps - and reliably competent and secure.
You know, like Hillarys bathroom server! </sarcasm>
(I seem to recall that Informed Delivery is one of those things Krebs said you should sign up for even if you don't want it. This makes it harder for a thief to register as you.)
Rush and LifeLock, Levin and GoldLine, Hannity and Liberty gun safes.. when will the barrage stop? ;_)
It was only a matter of time before Life-Lock became a victim albeit by it’s own hand and not a hack.
“Its kinda like the safety spout on my gas can caused me to spill gas on my lawn mower exhaust, causing a fire.”
Trump could get another million votes by issuing and EO that nullifies that stupid EPA safety spout regulation.
Lifelock is known for hiring foreign developers, who are also known as the dumbest developers.
I have a gas tractor, a zero turn mower, a push mower, a rider mower and various other hand held gas powered tools. The secret to getting a good gas can around here, I discovered, is auctions and estate sales. I have two cans that use the type of spout they currently sell, I’ll never buy another one. The spillage is unavoidable. I’ve actually thought about drilling a hole with a screw plug in the top of them.
They are the product of fascism. This is where a fascist regime hits you where you live.
I bought two of those crappy new cans and ripped the spring guts out of each nozzle and plugged the ends with rubber test tube stoppers from Ace Hardware.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.