It’s become standard boilerplate every time there’s a major personal security breach: Equifax gets hacked; Essential phishes its own customers; whenever this happens, the companies say, “We offer troubled customers a year of LifeLock, an identity theft protection service, for free.”
But what if LifeLock itself isn’t that secure? Guess what, kids? LifeLock may not be that secure after all. Security expert Brian Krebs reported on the problem, saying: “Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers.”
Read about how a vulnerability on the LifeLock website reportedly “allowed anyone with a Web browser to index email addresses associated with millions of customer accounts,” on ZDNet.