US automobile producer Common Motors (GM) declared that it was strike by a credential stuffing attack past month that uncovered purchaser facts and allowed hackers to redeem benefits factors for reward cards.
GM claimed that they detected the malicious login activity amongst April 11-29 2022.
“We are crafting to stick to-up on our [DATE] email to you, advising you of a information incident involving the identification of latest redemption of your reward details that seems to be without your authorization,” GM stated in a data breach notification sent to impacted shoppers.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
A credential stuffing attack is a cyber-attack in which credentials attained from a former data breach on a single provider are utilised to attempt to log in to yet another unrelated company.
“Dependent on the investigation to day, there is no proof that the log in information was received from GM alone,” GM claimed in a different data breach notification.
“We consider that unauthorized events received entry to buyer login qualifications that were being previously compromised on other non-GM internet sites and then reused individuals credentials on the customer’s GM account.”
The individual information and facts of affected shoppers features initially and last names, personal email addresses, dwelling addresses, usernames and phone figures for registered relatives users tied to the account, previous recognized and saved favorite site info, at this time subscribed OnStar package (if applicable), family members’ avatars and photos (if uploaded), profile shots and search and spot information and facts.
Other facts out there to hackers provided auto mileage background, service heritage, emergency contacts and Wi-Fi hotspot configurations (including passwords).
Aside from resetting their passwords, GM advised afflicted men and women to ask for credit score reports from their banking companies and location a security freeze if expected.
GM also confirmed that hackers redeemed client reward points for present playing cards in specific conditions.
GM operates an on the web platform that helps homeowners of Chevrolet, Buick, GMC, and Cadillac automobiles manage their expenses and redeem rewards factors.
GM included that it will be restoring rewards details for all affected shoppers.
Some components of this posting are sourced from:
www.infosecurity-magazine.com