We previously reported that LifeLock suffered a data breach and has been sued by the Federal Trade Commission for allegations of misleading customers [view related post], for which it settled with the FTC for $116 million [view related post] and then settled a suit alleging false statements to customers for $68 million [view related post].
If that isn’t enough, it is now being reported that LifeLock recently had a vulnerability in its website that allowed anyone with a web browser to index email addresses of millions of LifeLock’s customers. This could have allowed bad actors to have access to millions of legitimate email addresses that can be used in targeted phishing campaigns.
Apparently, LifeLock recently fixed the vulnerability, but security experts are concerned that because of the vulnerability, LifeLock customers may be targeted with phishing schemes that use LifeLock’s brand to trick them into clicking on malicious links and attachments that could introduce malware, ransomware or steal personal information of LifeLock’s customers.
LifeLock customers may wish to be extra vigilant (or as I like to say—“wicked paranoid”) about emails and phishing campaigns due to this vulnerability exposing their email addresses.