US automobile producer Typical Motors (GM) introduced that it was strike by a credential stuffing attack very last thirty day period that uncovered consumer info and permitted hackers to redeem benefits details for reward playing cards.
GM mentioned that they detected the destructive login exercise involving April 11-29 2022.
“We are composing to adhere to-up on our [DATE] email to you, advising you of a info incident involving the identification of the latest redemption of your reward details that appears to be without your authorization,” GM mentioned in a data breach notification sent to impacted consumers.
A credential stuffing attack is a cyber-attack in which credentials obtained from a earlier knowledge breach on a person assistance are utilised to attempt to log in to a different unrelated services.
“Primarily based on the investigation to day, there is no proof that the log in information was attained from GM alone,” GM stated in a different data breach notification.
“We feel that unauthorized events received entry to purchaser login credentials that ended up beforehand compromised on other non-GM web sites and then reused all those credentials on the customer’s GM account.”
The individual facts of affected buyers involves initially and last names, private email addresses, house addresses, usernames and phone figures for registered family members users tied to the account, past recognised and saved favourite spot info, now subscribed OnStar offer (if relevant), spouse and children members’ avatars and photos (if uploaded), profile photos and look for and spot facts.
Other info offered to hackers incorporated automobile mileage historical past, provider heritage, emergency contacts and Wi-Fi hotspot settings (such as passwords).
Aside from resetting their passwords, GM recommended afflicted individuals to request credit history reports from their banking institutions and location a security freeze if necessary.
GM also confirmed that hackers redeemed shopper reward points for reward playing cards in specific instances.
GM operates an on the internet platform that helps homeowners of Chevrolet, Buick, GMC, and Cadillac autos deal with their expenditures and redeem benefits factors.
GM extra that it will be restoring benefits points for all affected shoppers.
Some parts of this article are sourced from:
www.infosecurity-magazine.com