The General Motors had released a report last week about a data breach in the company that occurred between 11th – 29th of April month.
However, the cause of this breach was due to a hack in General Motors but rather due to a wave of credential stuffing attacks targeting customers on their platform.
Credential Stuffing Attack is due to the reuse of the username and passwords on different applications. Attackers use automated scripts to test ample amount of stolen username and password combinations against various online accounts to gain access.
The stolen credentials are usually obtained from data breaches of other sites. Cybercriminals rely on password reuse and the use of easy-to-guess passwords., like D-O-B’s,”123456″, etc.,
The attackers use the compromised accounts for multiple purposes. Such as, Accessing the victim’s devices, Steal the victim’s sensitive information, and more so. According to researchers, these attacks are costly and common.
GENERAL MOTORS WAS UNDER DATA BREACH
The past week GM had disclosed that it was a victim of a credential stuffing attack last month that had exposed a few customers’ information. It had also allowed hackers to redeem reward points for gift cards in some cases.
In GM, Car owners can redeem GM rewards points towards GM vehicles, car services, accessories, and purchasing of OnStar service plans.
The company had advised its customers to reset their passwords to regain access to their accounts. Further explaining about the exposure of their personal data.