Source |
Krebs on Security |
Identifiant |
753766 |
Date de publication |
2018-07-25 22:20:04 (vue: 2018-07-26 01:03:08) |
Titre |
LifeLock Bug Exposed Millions of Customer Email Addresses |
Texte |
Identity theft protection firm LifeLock -- a company that's built a name for itself based on the promise of helping consumers protect their identities online -- may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.
The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock's brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company's site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.
The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock's brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company's site suggests that whoever put it together it lacked a basic understanding of authentication and security. |
Envoyé |
Oui |
Condensat |
accounts actually additional addresses aid all allowed anyone associated attacks authentication based basic brand browser bug built but campaigns communications company consumers could course criminals customer customers cyber data design email entire exposed firm fixed flaw from harvest have helping identities identity index its itself just lacked lifelock looking may millions name nevertheless online phishers phishing promise protect protection put security site spam spoof suggests targeted that theft thieves together understanding unsubscribe upshot use users vulnerability weakness web whoever without world |
Tags |
Spam
Vulnerability
|
Stories |
|
Notes |
|
Move |
|