General Motors

General Motors

American automaker General Motors was targeted in a credential stuffing attack in April 2022 after it noticed malicious login activity to customers’ accounts.

The attackers accessed customers’ personally identifiable information (PII) and redeemed reward points for gift cards.

The company deactivated the reward feature and notified the customers and law enforcement authorities and asked its customers to reset their passwords and monitor their credit reports for potential fraud.

Source: https://www.cpomagazine.com/cyber-security/hackers-accessed-car-owners-personal-information-in-general-motors-credential-stuffing-attack/

TPRM report: https://scoringcyber.rankiteo.com/company/general-motors

"id": "gen13536622",
"linkid": "general-motors",
"type": "Cyber Attack",
"date": "04/2022",
"severity": "90",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Automotive',
                        'location': 'United States',
                        'name': 'General Motors',
                        'type': 'Corporation'}],
 'attack_vector': 'Malicious Login Activity',
 'data_breach': {'personally_identifiable_information': True,
                 'type_of_data_compromised': 'PII'},
 'date_detected': 'April 2022',
 'description': 'American automaker General Motors was targeted in a '
                'credential stuffing attack in April 2022 after it noticed '
                'malicious login activity to customers’ accounts. The '
                'attackers accessed customers’ personally identifiable '
                'information (PII) and redeemed reward points for gift cards. '
                'The company deactivated the reward feature and notified the '
                'customers and law enforcement authorities and asked its '
                'customers to reset their passwords and monitor their credit '
                'reports for potential fraud.',
 'impact': {'data_compromised': 'PII'},
 'motivation': ['Access PII', 'Redeem Reward Points for Gift Cards'],
 'response': {'communication_strategy': ['Notified Customers',
                                         'Asked Customers to Monitor Credit '
                                         'Reports'],
              'containment_measures': ['Deactivated Reward Feature'],
              'law_enforcement_notified': True,
              'remediation_measures': ['Asked Customers to Reset Passwords']},
 'title': 'Credential Stuffing Attack on General Motors',
 'type': 'Credential Stuffing',
 'vulnerability_exploited': 'Customer Accounts'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.