Are you a Cadillac, GMC, Buick, or Chevrolet owner? If you do, you should know that GM has recently admitted that they were the victims of a credential stuffing attack approximately one month ago.
Some customer information was exposed to the attackers, which allowed them to redeem unspecified rewards points for gift card vouchers.
According to GM, they discovered suspicious network activity between April 11th-20th, 2022. GM sent a letter to all affected parties confirming that they would restore rewards points for those who were affected by the breach.
Although it is a small consolation, this is not a case where the company was hacked. Credential stuffing attacks are where threat actors purchase many usernames and passwords from the Dark Web to try to find the right combination for a particular website. According to the company, there is no evidence that attackers obtained this information through GM's network.
If you were one of the affected customers, the following information was revealed:
- First and last names of the customer
- Email address for personal use
- Addresses personal
- For family members registered to the account, username and number
- Information about the last known and most treasured location
- If applicable, currently subscribed to OnStar package
- If possible, avatars and photos of family members
- Profile picture
- And search & destination information
An attacker may also have access to other information, such as vehicle history, service history, Wi Fi Hotspot settings, emergency contact information, and so on.
What is credential stuffing?
Credential stuffing is a cyberattack where cybercriminals use stolen login credentials from one system to attempt to access an unrelated system.
Credential stuffing attacks work on the premise that people often use the same user ID and password across multiple accounts. Therefore, possessing the credentials for one account may be able to grant access to other, unrelated account.
How do you prevent credential stuffing? Call Integrated Technology Systems to ensure sufficient security measures are utilized on your network.
This breach was not as severe as some of the others we have heard about this year. A hacker could still steal an identity if they had the above information. Be aware and be vigilant.
Beware, ChromeLoader Malware is Picking up Steam
Security professionals are raising eyebrows at the discovery of ChromeLoader, a browser hijacker.
ChromeLoader allows victims to modify their web browser settings in order to display search results that promote unwanted software, pop-up ads, fake giveaways and adult games.
There are many more dangerous malware types than you might think. This malware will not infect your computer with malicious code that can lock all your files and install other types of malware. Instead, it will flood you with spammy or scammy offers. This will frustrate and force you to click through ads that you don't want to see in an attempt to make some money for the malware's creators.
Its persistence and aggressive use of Powershell are what make it stand out. This malware strain is unlike any other. The malicious code's owners recently released a new variant specifically targeting macOS users.
Although we wish all malware was as harmless as this, it doesn't mean that it's not a threat and you should be concerned about it. Although it isn't as harmful as many of the other malware strains in the news, it can still cause serious headaches.
You may have been infected if you see unusually many popup ads, or your computer shows a preference for porn sites and gaming sites. Your computer may seem to have a life of its very own. These are signs that the problem is not going away by itself. You should contact a tech immediately.
Think of the time your employees would be wasting clicking through unwanted popups. Integrated Technology Systems can put protection in place to lessen the possibility of malware getting to your network. Call us today.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com/
