Identity theft protection firm LifeLock have exposed customers to additional attacks from ID thieves and phishers.
The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.
Source: https://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/
TPRM report: https://scoringcyber.rankiteo.com/company/nortonlifelock
"id": "nor013101122",
"linkid": "nortonlifelock",
"type": "Vulnerability",
"date": "07/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Millions',
'industry': 'Identity Theft Protection',
'name': 'LifeLock',
'type': 'Company'}],
'attack_vector': 'Web Application Vulnerability',
'data_breach': {'number_of_records_exposed': 'Millions',
'personally_identifiable_information': ['Email Addresses'],
'type_of_data_compromised': ['Email Addresses',
'Communication Preferences']},
'description': 'Identity theft protection firm LifeLock have exposed '
'customers to additional attacks from ID thieves and phishers. '
'The company just fixed a vulnerability on its site that '
'allowed anyone with a Web browser to index email addresses '
'associated with millions of customer accounts, or to '
'unsubscribe users from all communications from the company.',
'impact': {'data_compromised': ['Email Addresses',
'Communication Preferences'],
'identity_theft_risk': 'High',
'systems_affected': ['Web Application']},
'response': {'containment_measures': ['Fixed Vulnerability']},
'title': 'LifeLock Vulnerability Exposes Customer Emails and Communication '
'Preferences',
'type': 'Data Exposure',
'vulnerability_exploited': 'Email Indexing and Unsubscribe Vulnerability'}