Thursday, July 26, 2018

Trust No One, or Life-locked

via Kreb's on Security...
Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. 

The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. more

If you use LifeLock carefully check future emails using their name before clicking on anything. Also, check occasionally to make sure you haven't been unsubscribed. ~Kevin