GM Credential Stuffing Attack Reveals Automobile Owners’ Details

The General Motors Company is a global American automobile manufacturing company with its headquarters in Detroit, Michigan. The corporation is the biggest automotive manufacturer located in the United States and is also one of the major manufacturers of motor vehicles in the world.

The owners of Chevrolet, Buick, GMC, and Cadillac automobiles have access to an online portal operated by General Motors, which allows them to manage their bills, scheduled servicing, and redeem rewards points.

GM rewards points may be redeemed by vehicle owners for GM automobiles, car services, car accessories, and even the purchase of OnStar service plans.

What Happened?

GM reported that they discovered the fraudulent login activity between April 11 and April 29, 2022, and verified that the hackers were able to redeem customer reward points for gift cards in certain instances. The incident occurred within that time period.

Credential stuffing is a form of cyberattack where hackers are taking over massive databases of usernames and passwords, many of which are stolen in recent data breaches, and use an automated method to “stuff” the account logins into other online services.

The fraudster exploits access to consumer accounts to make fraudulent transactions, perform phishing assaults, and steal information,

Read More: