Security News > 2022 > May > General Motors credential stuffing attack exposes car owners info

General Motors credential stuffing attack exposes car owners info
2022-05-23 22:53

US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers' information and allowed hackers to redeem rewards points for gift cards.

General Motors operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills, services, and redeem rewards points.

Car owners can redeem GM rewards points towards GM vehicles, car service, accessories, and purchasing OnStar service plans.

These breaches are not a result of a General Motors being hacked but rather are caused by a wave of credential stuffing attacks targeting customers on their platform.

Credential Stuffing attacks are when threat actors use collections of username/password combinations leaked in other sites' data breaches to gain access to user accounts on a website.

GM's online site does not support two-factor authentication, which would prevent credential stuffing attacks from succeeding.


News URL

https://www.bleepingcomputer.com/news/security/general-motors-credential-stuffing-attack-exposes-car-owners-info/