
General Motors suffered from credential stuffing

May 23, 2022 | by Cybersecurity Analyst

On May 23, it was disclosed that car manufacturer General Motors was the victim of a credential stuffing attack last month that exposed some customers’ information and allowed hackers to redeem rewards points for gift cards.

General Motors runs its own online platform where car owners can manage their cars and accessories.


Credential stuffing is an attack in which logins are attempted on accounts using credentials that have previously been hacked or exposed elsewhere. Numerous login attempts against accounts were successful.

When the hackers successfully breached a GM account, they could access certain information stored on the site. This information includes the following personal details:

  • first and last name,
  • personal email address,
  • personal address,
  • username and phone number for registered family members tied to the account,
  • last known and saved favorite location information,
  • currently subscribed OnStar package (if applicable),
  • family members’ avatars and photos (if uploaded),
  • profile picture,
  • search and destination information.

Other information available to hackers who breach GM accounts includes car mileage history, service history, emergency contacts, Wi-Fi hotspot settings (including passwords), and more.

However, the GM accounts do not hold date of birth, Social Security number, driver’s license number, credit card information, or bank account information, so that information hasn’t been compromised.

Apart from resetting passwords, General Motors also advises impacted individuals to request credit reports from their banks and place a security freeze if the case calls for it. Instructions on how to do either are enclosed in the notice.
