General Motors suffers credential stuffing attack
US automaker General Motors was the victim of a credential stuffing attack that exposed some customers' information and allowed attackers to redeem reward points for gift cards.
The specific target of the attack was its online platform for managing invoices, services and redeeming reward points.
GM contacted those affected to inform them of account recovery instructions. In addition, affected users should reset their passwords before logging back into their accounts.
References:
- 23/05/2022 oag.ca.gov NOTICE OF DATA BREACH
- 23/05/2022 bleepingcomputer.com General Motors credential stuffing attack exposes car owners info
- 24/05/2022 infosecurity-magazine.com US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners' Personal Info
- 24/05/2022 blog.malwarebytes.com General Motors suffers credential stuffing attack
- 24/05/2022 thecybersecurity.news US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info