General Motors (GM), an American automobile maker, has suggested that a credential stuffing attack that led to the exposure of customer details has hit it to hackers between April 11th–29th,2022. An email notification regarding the data breach is being sent to all affected customers by General Motors and it assured that it will put a curb on all such incidents soon by taking appropriate cybersecurity measures on a proactive note.
Investigations later revealed that the attack occurred as the hackers got access to servers after launching an attack on an IT provider that was providing information technology-related services to General Motors.
Leaked personal info includes personal email addresses, home addresses, usernames, phone numbers of family members, location details, employee and their family details, profile pictures, and first and last names of customers and a few employees.
Information is out that the cybercriminals also accessed car data driven by customers like car mileage history, service details, emergency contacts, and in-car Wi-Fi data.
Reset passwords, applying for a credit monitoring service from their banks, and keeping a tab on card transactions made is being advised by security specialists in such situations.
General Motors is yet to offer any free credit monitoring service as its IT staff are still busy investigating the incident.
Note 1- What’s interesting about the incident is hackers showed special interest in redeeming the reward points assigned to customers by hijacking their accounts.
Note 2- GM has manufacturing plants in about eight countries and offers auto parts to Chevrolet, Cadillac, Buick, GMC, and DMAX vehicles.