Security News > 2022 > May > General Motors credential stuffing attack exposes car owners info
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers' information and allowed hackers to redeem rewards points for gift cards.
General Motors operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills, services, and redeem rewards points.
Car owners can redeem GM rewards points towards GM vehicles, car service, accessories, and purchasing OnStar service plans.
These breaches are not a result of a General Motors being hacked but rather are caused by a wave of credential stuffing attacks targeting customers on their platform.
Credential Stuffing attacks are when threat actors use collections of username/password combinations leaked in other sites' data breaches to gain access to user accounts on a website.
GM's online site does not support two-factor authentication, which would prevent credential stuffing attacks from succeeding.
News URL
Related news
- Retail chain Hot Topic hit by new credential stuffing attacks (source)
- Roku warns 576,000 accounts hacked in new credential stuffing attacks (source)
- Okta warns of "unprecedented" credential stuffing attacks on customers (source)
- Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks (source)