LifeLock’s Web site exposed customer email addresses by tying each customer account to a numeric “subscriberkey” that could be easily enumerated.
New LifeLock Data Breach Details and Who Was Affected
Symantec’s identity theft protection service LifeLock has reportedly exposed millions of customer email addresses due to a website bug.
LifeLock’s website was taken down briefly after alerted by security journalist and researcher Brian Krebs, who published the flaw on his blog.
Secure your data with best Password Manager IDShield volt
LifeLock company that’s built a name for itself based on the promise of helping consumers protect their identities online may have actually exposed customers to additional attacks from ID thieves and phishers
The vulnerability allowed anyone with a web browser to collect customer email addresses by changing a number in the URL, which is used to unsubscribe from LifeLock's communications.
Each sequential number corresponds to a customer record, and changing that number revealed an email address on the webpage. Read more...
Read more: feeds.mashable.com