GM drivers may have had personal details revealed following phishing attack


A large number of General Motors (GM) user accounts have been breached, and their personally identifiable information (opens in new tab) stolen, the company has confirmed in a recent announcement sent to affected customers. What’s more, the cybercriminals behind the attack tried to redeem rewards points found on those accounts, for gift cards.

GM users have had their accounts compromised with a credential stuffing attack that took place between April 11 and April 29. This is a brute force type of attack, in which the attackers try numerous combinations of usernames and passwords until one works. Sometimes, the attackers will also try username/password combinations stolen from other breached services, knowing that some people reuse the same credentials across a multitude of services.

Source link