The password manager run by Norton has seen hackers breach its customers’ information in a credential-stuffing attack.
Credential stuffing is the automated use of stolen username and password pairs purchased online. Since many users will re-use the same password and username/email, this sort of thing is frequently successful.
Since these people reused passwords, they exposed their accounts. It didn’t have to happen, but they weren’t using secure password practices.