News and Updates on Information Technology

General Motors has been hit by a Cyber-Attack Exposing Car Owners’ credentials

Exploit: Credential Stuffing

General Motors (GM): Automobile Manufacturer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.872 = Moderate

General Motors (GM) has announced that it was hit by a credential stuffing attack last month that exposed customer information. GM said that they detected the malicious login activity between April 11-29, 2022, and that hackers obtained access through credential stuffing. GM said in a statement “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.” The bad actors also redeemed loyalty points from some customers’ accounts for gift cards.

cybersecurity news represented by a gauge indicating moderate risk

Risk to Individual: 2.583 = Moderate

Customer data that was exposed in this incident includes first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members’ avatars and photos (if uploaded), profile pictures and search and destination information, car mileage history, service history, emergency contacts and Wi-Fi hotspot settings (including passwords).

How it Could Affect Your Customers’ Business: Dark web data is a credential compromise hazard that can bite any business big or small leading to a data exposure disaster.

Source: Info Security Magazine