Hackers Know Where You are Going as They Breach General Motors Database!
Recently, US car manufacturer General Motors was the victim of a massive data breach attack.
US car manufacturer General Motors was the victim of a credential stuffing attack. GM operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills, and services, and redeem reward points. GM suffered a hack that exposed a significant amount of sensitive personal information on car owners’ names, addresses, phone numbers, locations, car mileage, etc. The malicious login activity was detected on an unspecified number of GM online user accounts. In this type of attack, hackers obtain stolen credentials and use them to gain unauthorized access to user accounts through large-scale automated login requests. This breach was firstly reported by cybernews.com.
General Motors Disclose Data Breach
GM’s breach notification lays out the first and last name, home address, phone number, personal email address, last known and saved favorite location, profile picture, username, OnStar package, fraudulently redeemed reward points, search and destination information, family members’ avatars and photos and reward card activity of the information that may have been compromised by the hackers. The company had been hit with a credential stuffing attack, to steal customer reward points.
According to the automobile maker, the hackers accessed the information from GM’s online/mobile application accounts. The GM company has made it known that the stolen information did not include birthdays, social security numbers, credit card or bank information, or driver’s license numbers. And GM credit cards were not affected as they are managed in a different system. But about 140 GM customer rewards accounts were comprised.
It’s unclear exactly how many customers were affected by this breach. According to California Attorney General’s Office, the firm reported that nearly 5,000 breach letters were sent to state residents. GM said it had notified affected customers and will require them to reset their passwords to keep their information safe. And GM was able to detect the breach and take steps to protect users because credential stuffing is often not detected.