LifeLock's identity theft protection service suffered from a security flaw that put users' identities in jeopardy. The event forced its parent company, Symantec, to pull part of its website* down to fix the issue after it was notified by KrebsOnSecurity. According to Krebs, Atlanta-based security researcher Nathan Reese discovered the vulnerability through a newsletter email he received from the service. Upon clicking "unsubscribe," a page that clearly showed his subscriber key popped up. That allowed Reese to write a script that sequences numbers, which was able to pull keys and their corresponding email addresses from the service.