
General Motors Suffers Credential Stuffing Attack; Personal Data and Loyalty Points Compromised

Alina BÎZGĂ

May 27, 2022


Malicious actors stole customer reward points and personally identifiable information in a credential stuffing attack on General Motors (GM) last month.

According to a data breach notification letter sent to impacted customers, an unauthorized party gained access to user accounts between April 11 and 29, fraudulently redeeming customer reward points for gift cards and potentially exfiltrating personal data from card owners, including:

  • first and last name, email address, physical address and username
  • phone numbers for registered family members tied to the account
  • last known saved favorite location information
  • currently subscribed OnStar package (if applicable)
  • family members’ avatars and photos (if uploaded) and profile pictures
  • search destination information
  • reward card activity and fraudulently redeemed reward points

“The GM accounts did not include date of birth, Social Security number, driver’s license number, credit card information or bank account information, as that information is not stored in your GM account,” the letter reads.

The US-based car manufacturer said the credentials used in the attack were not sourced from General Motors.

“Based on the investigation to date, there is no evidence that the log in information was obtained from GM itself,” the company said. “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.”

To mitigate the attack, General Motors suspended gift card redemption, forced a mandatory password reset for all impacted accounts, and pledged to restore all loyalty points.

It’s unclear how many GM customers were affected by the breach. However, the company is continuing its investigation alongside law enforcement and is providing all victims with free credit monitoring for one year.

Earlier this week, we addressed risky cyber behaviors and how password reuse can affect your online privacy and security. We strongly urge users to stick to good online practices and immediately change weak passwords, especially those that are recycled among multiple online accounts and platforms.

