Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts, and possibly password managers, the company is warning.

Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on the activity on Dec. 12, when its IDS systems flagged “an unusually high number of failed logins” on Norton accounts. After a 10-day investigation, it turns out that the activity stretched back to Dec. 1, the company said.