News
ODIN and Norton Breach - Integrity360 Comment
January 2023 by Patrick Wragg - Cyber Threat Response Manager, Integrity360
In light of the news of breaches at both ODIN and Norton LifeLock this morning, please see comments below from Patrick Wragg, Cyber Incident Response Manager, Integrity360:
ODIN
"It’s very likely that this attack was done by Cyber Activists judging by the message they left on the website. It is also likely that the "large" dismissal (by the CEO of ODIN) of Wired’s report of the vulnerabilities in SweepWizard had painted a target on ODIN’s back as this might be construed by the attackers to be arrogance from the CEO."
Norton LifeLock
"Gaining access to PII such as names, phone numbers and mailing addresses is bad for a company from a data protection point of view. What makes this breach particularly nasty is that Norton LifeLock can’t rule out that customer’s saved passwords were not stolen. This means that any product, application or system that the users previously had secure access to and stored their credentials with Norton LifeLock were now potentially compromised also. Attackers are specifically targeting companies that offer password management solutions (e.g. LastPass) because breaching one is similar in severity to a supply chain attack often seen in the news last year."
