customers general engines (GM) in the United States leaked personal data after a while credential stuffing attack to an automaker’s website in April, as reported by BleeComputer this Monday (23). The breach allowed cybercriminals to exchange user reward points for gift cards.
According to the publication, the online platform targeted by the cyberattack used by car owners Chevrolet, Cadillac, GMC and Buick. Here, drivers can access services and participate in rewards programs, among other things.
The unauthorized access to the automaker’s website took place between April 11 and 29, and cybercriminals took advantage of leaked login and password combinations in other malicious campaigns. There is no evidence that this information was obtained from GM himself.
With the account breach, those responsible for the attack were able to view data such as the customer’s first and last name, home and email addresses, phone numbers linked to the profile, call and destination information, and photos (including family members, if any). ). ), among others. Financial, social security and driver’s license data were not compromised.
password change
In a notification sent to affected customers, GM requested that the password of the account on the platform be changed immediately. Two-factor authentication is not available, which adds an extra layer of security, but the manufacturer recommends entering a PIN. for confirmation of purchases made through the online service.
The automaker also recommended that consumers be aware of bank transactions in their accounts and request a security lock from the financial institution, if any. Incorrectly exchanged points will be refunded to users.
The total number of people whose data was leaked in the country is unknown, but the state of California alone has at least around 5,000 users affected.
Source: Tec Mundo
