Content, Breach

Symantec’s LifeLock Identify Theft Protection Exposes Customer Email Addresses

LifeLock, a Symantec company that provides identity theft protection services, exposed millions of customer email addresses due to a security vulnerability on its website, according to KrebsonSecurity.

The vulnerability enabled anyone with a web browser to view LifeLock customer email addresses or unsubscribe users from all company communications, KrebsonSecurity indicated. Also, the vulnerability allowed hackers to harvest LifeLock customer data and use it in targeted phishing campaigns.

Potential customer data exposure was limited to email addresses on a LifeLock marketing page that allowed recipients to unsubscribe from marketing emails, Symantec told KrebsonSecurity. Symantec has fixed the issue and said there is no indication of any further suspicious activity on the LifeLock marketing page at this time.

Panera Bread Leaks Customer Records

Meanwhile, Panera Bread exposed millions of customer names, email addresses, birthdays and other records on its website. Panera customer records were publicly accessible for at least eight months before they were removed from the company's website in April, according to KrebsonSecurity.

Panera "fixed" the security bug by requiring people to log in to a valid user account on the company's website to view exposed customer records, KrebsonSecurity reported. The company also told Fox News that fewer than 10,000 customers were affected by the issue.

Key Takeaways from the LifeLock and Panera Data Leaks

A website misconfiguration poses a major threat to an organization's data security and brand reputation, Rich Campagna, CMO at cloud access security broker (CASB) Bitglass, told MSSP Alert. However, organizations can use data-centric security tools that ensure appropriate configurations, deny unauthorized access and encrypt sensitive data at rest to prevent website misconfigurations and other security flaws.

Organizations also require visibility across their cyberattack surfaces, said Mark Weiner, CMO at breach risk platform provider Balbix. That way, organizations can limit the risk of missing security bugs that otherwise expose their sensitive data to cyberattacks.

Furthermore, data leaks are problematic for organizations of all sizes and across all industries, but MSSPs can help organizations identify and resolve these problems. In fact, MSSPs can offer a wide range of tools, resources and training to help organizations address security flaws.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.