Set as Homepage - Add to Favorites

【LelleBelle】

Source:Wisdom Convergence Information Network Editor:Deals Time:2025-06-26 16:19:53

Symantec's identity theft protection service,LelleBelle LifeLock, has reportedly exposed millions of customer email addresses due to a website bug.

LifeLock's email marketing webpage was taken down briefly after alerted by security journalist and researcher Brian Krebs, who published the flaw on his blog.

SEE ALSO: Google announces its first foray into the security key market

The vulnerability allowed anyone with a web browser to collect customer email addresses by changing a number in the URL, which is used to unsubscribe from LifeLock's communications.

Each sequential number corresponds to a customer record, and changing that number revealed an email address on the webpage.

Krebs was alerted of the flaw by another researcher, Nathan Reese, who was able to create a script which pulled emails from the website. Reese managed to retrieve 70 emails before stopping.

It's an attractive vulnerability to phishers wanting to target LifeLock customers, who come to the service to protect their personal data.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

When Mashable attempted access of the flaw, the vulnerability was no longer working, with the webpage requiring an email to unsubscribe from LifeLock's communications.

A Symantec spokesperson explained via email that the "issue was not a vulnerability in the LifeLock member portal."

"The issue has been fixed and was limited to potential exposure of email addresses on a marketing page, managed by a third party, intended to allow recipients to unsubscribe from marketing emails," the statement added.

"Based on our investigation, aside from the 70 email address accesses reported by the researcher, we have no indication at this time of any further suspicious activity on the marketing opt-out page."

Back in 2015, LifeLock paid $100 million to settle Federal Trade Commission contempt charges after failing to secure consumers’ personal data, and allegedly engaging in deceptive advertising.

LifeLock has more than 4.5 million users, according to a 2017 press release. It was acquired by Symantec in 2016 for $2.3 billion.

UPDATE: July 26, 2018, 3:34 p.m. AEST Added a statement from Symantec.

Featured Video For You
Scooby Doo Syndrome (Or why founders need to move on)

Topics Cybersecurity

Previous:Final Fantasy XV Mega CPU Battle

Next:Outdoor speaker deal: Save $20 on the Soundcore Boom 2

Related Articles
Related Recommendations
Categories
Latest Articles
Popular Articles
Hot Recommendations
Featured Column

Quick Links

This Google report about millennials is called 'It's Lit' and oh, IT. IS. LIT.The Mac Pro is getting a major doOops, that vibrator with a camera is super easy to hackNorth Carolina won the national title, but atrocious refereeing stole the showWhy 'Moonlight' star Mahershala Ali introduced the NCAA Tournament finalYour internet data is absolutely a national security issueSonos PlayBase puts excellent home theater sound right where it belongsNorth Carolina fan really sinks her teeth into supporting the Tar HeelsLive from space! Watch Earth live streamed online.See how 'The Walking Dead' pulled off Shiva's killer attackThis cartoon perfectly sums up the agonizing debate of grammar nerdsGranny uses her $1200 Louis Vuitton to bag her fish from the marketWhy Warren Buffett is the new face of CocaMalala Yousafzai will finally receive one of Canada's biggest honorsSonos PlayBase puts excellent home theater sound right where it belongsHere's why dolphins slap octopuses into submission — and why it's dangerousDivorced couple still gets their family photo taken every year for their sonCreme Eggs on a pizza are either an abomination or the most delicious thing everThe Philippines' favourite fast food chain is opening in EuropeNorth Carolina fan really sinks her teeth into supporting the Tar Heels Oculus Rift gamers now have a VR esports league Apple iPad Pro 10.5 is Apple's best tablet A new Doctor has been picked, says former 'Doctor Who' showrunner Tech dominates ranking of the world's most valuable brands Weirdest music festival ever combines Migos with ZZ Top and Train, yes, Train Patrick Stewart drinks champagne from a shoe because this is a thing Augmented reality is the best way to show off a new iPhone 8 concept New York Times is using Google’s AI to expand online comments Pulse survivors talk fear, healing, and resilience in emotional photo series The inventor of pineapple pizza has died at the age of 83 'Black Mirror' the book is coming soon to haunt your nightmares NASA rocket launch could create an artificial aurora. Here's how to watch. Read about Jamie Fraser's quest to lose his virginity in a new 'Outlander' anthology Soz Justin Trudeau, Tommy Corbyn is the new internet bae Say goodbye to 'Hello,' creator of this overvalued sleep tracker Banks now have their own version of Venmo that will send money instantly Sasha Obama's real name has freaked out the internet Jimmy Carter shook everyone's hands on a flight to Atlanta because that's his thing Dave Chappelle just announced a bunch of new shows Google just invented an awesome way to find that perfect emoji, every single time

1.602s , 10109.625 kb

Copyright © 2025 Powered by 【LelleBelle】,Wisdom Convergence Information Network  

Sitemap

Top

Quick Links