Stories
Slash Boxes
Comments

SoylentNews is people

LifeLock Bug Exposed Millions of Customer Email Addresses

posted by martyb on Sunday August 05 2018, @04:52PM   Printer-friendly
from the LifeLock-just-needs-a-data-protection-service dept.

Fnord666 writes:

Identity theft protection firm LifeLock — a company that's built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock's brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company's site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.

Source: Krebs on Security

Original Submission

 
This discussion has been archived. No new comments can be posted.
LifeLock Bug Exposed Millions of Customer Email Addresses | Log In/Create an Account | Top | 7 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 0) by Anonymous Coward on Sunday August 05 2018, @06:04PM

    by Anonymous Coward on Sunday August 05 2018, @06:04PM (#717563)

    "By idiots for idiots" seems appropriate.

  • (Score: 5, Informative) by Thexalon on Sunday August 05 2018, @06:11PM (2 children)

    by Thexalon (636) on Sunday August 05 2018, @06:11PM (#717564)

    a company that's built a name for itself based on the promise of helping consumers protect their identities online but had their CEO's identity stolen very early on in its history

    It turns out that identity protection is hard, and LifeLock's services never did what they claim to do.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.

    • (Score: 0) by Anonymous Coward on Sunday August 05 2018, @06:28PM

      by Anonymous Coward on Sunday August 05 2018, @06:28PM (#717570)

      Mmmm I like gravy almost as much as I like pudding. If only I could find a way to combine the two...

    • (Score: 2) by Joe Desertrat on Sunday August 05 2018, @09:02PM

      by Joe Desertrat (2454) on Sunday August 05 2018, @09:02PM (#717607)

      It turns out that identity protection is hard, and LifeLock's services never did what they claim to do.

      Yeah, I can't help thinking companies like that exist solely to pry money from ignorant consumers. At best they are only a single line in your defenses, so why pay for them when you have to do most of it yourself anyway to be safe?

  • (Score: 4, Funny) by Ethanol-fueled on Sunday August 05 2018, @06:17PM (1 child)

    by Ethanol-fueled (2792) on Sunday August 05 2018, @06:17PM (#717565) Homepage

    Stop fucking around with businesses nobody knows about and get LinkedIn or Facebook, and give the rest of us a good excuse to not have those accounts.

  • (Score: 4, Funny) by srobert on Sunday August 05 2018, @07:16PM

    by srobert (4803) on Sunday August 05 2018, @07:16PM (#717577)

    Those are real goodfellas at Lifelock offering "protection" for your identity. Because you know, you got a real nice identity there. It'd be a real shame if somebody was to like, make off with it. You know what I mean?

(1)