Per Krebs, “Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers”.
Here’s what we know so far:
- LifeLock, an identity protection company, has put millions of customer emails at risk for phishing and identity theft attacks, thanks to a bug on its website.
- The bug enabled customer email addresses to be harvested by simply changing one number in the URL of a web page used by customers to unsubscribe from LifeLock communications.
- It’s important to note that this is not a breach, but it is a vulnerability to pay attention to, since ID thieves can use email addresses to steal other personal info.
How to protect your info:
Here are some tips to help you protect yourself:
- Do not click on any suspicious-looking links in those messages and instead forward any suspicious email to the company itself. Call the company directly to confirm whether any such messaging is actually from them.
- Do not enter any personal info or credentials via links in emails. If you need to make updates, go directly to the company’s website to do so.
- Check your credit report regularly to keep an eye on any unauthorized activity.
- Consider locking your credit file to help prevent potentially fraudulent access.
LifeLock Bug Exposed Millions of Customer Email Addresses – https://krebsonsecurity.com/tag/lifelock/