"US Car Giant General Motors Hit by Cyberattack Exposing Car Owners' Personal Info"
General Motors (GM), a US automobile manufacturer, announced that it was hit by a credential stuffing attack last month that exposed customer information and allowed hackers to redeem rewards points for gift cards. GM said they detected the malicious login activity between April 11-29, 2022. GM stated that there is no evidence that the log in information was obtained from GM based on the investigation to date. GM noted that they believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer's GM account. The personal information of affected customers includes first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members' avatars and photos (if uploaded), profile pictures and search and destination information. Other information available to hackers included car mileage history, service history, emergency contacts, and Wi-Fi hotspot settings (including passwords). GM advised users to reset their passwords, and that affected individuals should request credit reports from their banks and place a security freeze if required. GM also confirmed that hackers redeemed customer reward points for gift cards in some instances.