It seems a flaw within LifeLock’s website may have exposed all of the emails of their subscribers.
While the exposure of email without any other information like passwords or personal information seems harmless in itself, it now brings the substantial threat of spear phishing attacks.
“If I were a bad guy, I would definitely target your customers with a phishing attack because I know two things about them,” Reese said. “That they’re a LifeLock customer and that I have those customers’ email addresses. That’s a pretty sharp spear for my spear phishing right there. Plus, I definitely think the target market of LifeLock is someone who is easily spooked by the specter of cybercrime.”
Full article here.