Identity theft protection firm LifeLock may have exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLocks brand. Security firm Symantec took LifeLock.com offline shortly after being contacted by KrebsOnSecurity.”]
Source: https://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/