American automaker General Motors was targeted in a credential stuffing attack in April 2022 after it noticed malicious login activity to customers’ accounts.
The attackers accessed customers’ personally identifiable information (PII) and redeemed reward points for gift cards.
The company deactivated the reward feature and notified the customers and law enforcement authorities and asked its customers to reset their passwords and monitor their credit reports for potential fraud.
TPRM report: https://scoringcyber.rankiteo.com/company/general-motors
"id": "gen13536622",
"linkid": "general-motors",
"type": "Cyber Attack",
"date": "04/2022",
"severity": "90",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Automotive',
'location': 'United States',
'name': 'General Motors',
'type': 'Corporation'}],
'attack_vector': 'Malicious Login Activity',
'data_breach': {'personally_identifiable_information': True,
'type_of_data_compromised': 'PII'},
'date_detected': 'April 2022',
'description': 'American automaker General Motors was targeted in a '
'credential stuffing attack in April 2022 after it noticed '
'malicious login activity to customers’ accounts. The '
'attackers accessed customers’ personally identifiable '
'information (PII) and redeemed reward points for gift cards. '
'The company deactivated the reward feature and notified the '
'customers and law enforcement authorities and asked its '
'customers to reset their passwords and monitor their credit '
'reports for potential fraud.',
'impact': {'data_compromised': 'PII'},
'motivation': ['Access PII', 'Redeem Reward Points for Gift Cards'],
'response': {'communication_strategy': ['Notified Customers',
'Asked Customers to Monitor Credit '
'Reports'],
'containment_measures': ['Deactivated Reward Feature'],
'law_enforcement_notified': True,
'remediation_measures': ['Asked Customers to Reset Passwords']},
'title': 'Credential Stuffing Attack on General Motors',
'type': 'Credential Stuffing',
'vulnerability_exploited': 'Customer Accounts'}