Do you own a Chevrolet, Buick, GMC, or Cadillac? 

If so, be aware that GM recently acknowledged that they fell victim to a credential stuffing attack a little over a month ago.

The attack exposed some customer information to the attackers and allowed them to redeem an undisclosed number of rewards points for gift cards.

The company said that they detected suspicious network activity between April 11th and April 29th of 2022.  In a letter sent to those impacted by the breach, GM indicated that they would be restoring rewards points for everyone who was impacted.

While it's small consolation, it's worth noting that this isn't a case of the company being hacked.  Credential stuffing attacks see the threat actors use many different usernames and passwords purchased from the Dark Web in a wholesale attempt to find a combination that will work on a given website.  The company stressed that there is no evidence the attackers gained this information from GM's network itself.

 

Are you a GM customer? The following information was leaked

  • Customer's first and last name
  • Personal email address
  • Personal physical address
  • Username and phone numbers for registered family members tied to the account
  • Last known and saved favorite location information
  • Currently subscribed to the OnStar package (if applicable)
  • Family members' avatars and photos (if uploaded)
  • Profile picture
  • And search & destination information

The attackers may have also gained access to less useful information such as car milage history, service history, Wi-Fi Hotspot settings, emergency contact information and the like.

 

My perspective

As breaches go, this one wasn't as bad as many of the others we've heard about thus far this year. However, armed with the information above, a hacker would certainly have enough details to steal someone's identity. So be warned and stay vigilant. And take an active position in defense of your personal data.

 

I'll get you, my pretty, and your little dog too!

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak to your association

Used with permission from Article Aggregator