Security News > 2022 > May > GM credential stuffing attack exposed car owners' personal info

GM credential stuffing attack exposed car owners' personal info
2022-05-23 22:53

US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers' information and allowed hackers to redeem rewards points for gift cards.

Car owners can redeem GM rewards points towards GM vehicles, car service, accessories, and purchasing OnStar service plans.

These breaches are not a result of a General Motors being hacked but rather are caused by a wave of credential stuffing attacks targeting customers on their platform.

Credential Stuffing attacks are when threat actors use collections of username/password combinations leaked in other sites' data breaches to gain access to user accounts on a website.

"Based on the investigation to date, there is no evidence that the log in information was obtained from GM itself," explains a different data breach notification from GM. "We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer's GM account."

The GM accounts do not hold date of birth, Social Security number, driver's license number, credit card information, or bank account information, so that information hasn't been compromised.


News URL

https://www.bleepingcomputer.com/news/security/gm-credential-stuffing-attack-exposed-car-owners-personal-info/