GM, Zola customer accounts compromised through credential stuffing

2022-05-26 11:16

Customers of automaker General Motors and wedding planning company Zola have had customer accounts compromised through credential stuffing, and the criminals have used the access to redeem gift cards.

Credential stuffing is a type of attack aimed at hijacking accounts.

The notice of data breach sent out by US car manufacturer General Motors to affected users says that they "Identified some suspicious log ins to certain GM online customer accounts and identified recent redemption of customer reward points for gift cards that may have been performed without the customers' authorizations" between April 11 and April 29, 2022.

The company did not share how many accounts had been compromised, but they primised to restore the reward points and have urged affected customers to reset their password, chose a better, unique one, and to do the same on other accounts where they used the same compromised username/password combination.

Earlier this week, popular wedding planning website Zola confirmed that some user accounts have been hacked over the weekend and the linked bank accounts used to buy gift cards.

The company has forced a password reset on all users and not just the one who had their accounts compromised.

News URL

https://www.helpnetsecurity.com/2022/05/26/gm-zola-credential-stuffing/

#credential #GM