I’m sure you’re all familiar with LifeLock, a company designed to help protect you from identity thieves. You’ve probably seen their name come up in connection with recent big data breaches. Companies offer LifeLock protection as a way of making up for leaking your data.
Well, the latest news from the security experts at Krebs on Security won’t make you feel any better. There was a big security flaw on a website used to contact LifeLock’s subscribers that allowed just about anyone to access the email addresses of customers. Crooks could target you with fake LifeLock emails and even unsubscribe you from your actual LifeLock alerts. Nearly 5 million email addresses could have potentially been leaked to crooks and used to target customers.
A freelance security expert stumbled across the flaw when he received a renewal notice for his LifeLock account. When LifeLock’s new owner, Symantec, was notified of the issues, they immediately shut the offending page down and took care of the problem. According to Symantec, the problem wasn’t with LifeLock’s website but with a third-party hired to do their marketing.
Still, it’s a good reminder to look closely at any communication claiming to come from a company or service you have an account with. Keep in mind that these companies already have your information and wouldn’t need credit card numbers, bank account information, and the like. If you have any doubts about a notice, you can always seek out the phone number or website for the company (don’t use the information in the email. If it’s fake, the information could be fake) and check to see if it’s true.