GM reportedly suffered a cyberattack last month that resulted in the exposure of customer information and allowed hackers to redeem gift card reward points.
According to a recent report from IT Security Guru, GM confirmed that it detected malicious login activity between April 11th and April 29th, 2022. The malicious activity was identified as a credential stuffing attack, wherein credentials were obtained from a previous data breach from one service, then reused to log into another service.
In response, GM sent a data breach notification to customers stating “We are writing to follow-up on our [DATE] email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization.”
Personal information for affected customers, including names, email addresses, home addresses, phone numbers, usernames, last known and saved favorite location, car mileage, maintenance history, OnStar information, and more may have been exposed in the attack. GM is advising affected customers to reset their passwords, and if necessary, request a credit report from their banks. GM will restore rewards points for customers affected by the attack.
Based on the investigation to date, there is no evidence that the log in information was obtained from GM itself. Rather, the automaker states in a separate data breach notification, “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.”
With the proliferation of digital features and connected technologies in passenger vehicles, cybersecurity has become an increasingly critical issue in the auto industry. As such, GM has taken new steps to beef up its security measures, including the introduction of the Global B electrical architecture, which, in addition to providing greater processing power, support for over-the-air updates, and improved inter-vehicle system communication, also provides more robust protection from hackers and cyberattacks.
Subscribe to GM Authority for more GM business news, GM safety news, GM technology news, and around-the-clock GM news coverage.
Comments
They traced it to a server at trump tower
Interesting because I read it came from Ukraine and hunter Biden was involved.
Our modern digital world marches on exposing our genitalia to the bad actors.
Then, put tin foil in your jock.
How about GM enable social sign-in to avoid password reuse?
Their login services supplier, Microsoft Azure, supports this. Yes, GM had to pay a supplier to handle customer logins.
Would be a good idea except the last time they touched login, people couldn’t save sign-ins in the app and it took them around 6 months to fix it. Typical Detroit failing at basic Internet skills.
That ‘s allegedly ‘progress’. What a joke
I have never been able to use my reward points for buying GM parts online. I always would have to request a voucher to be used at a local dealership.
This is why I don’t like giving information to companies. Rewards programs, product registration…..they’re all primary targets for hackers that deal in data.
Is this directly involving Green Hills Software that is supposed to stop hackers in these GM vehicles?
So what else is new? The whole world can be hacked. Just ask the Russians and Chinese.
Anti hacking hardware and software is a major industry. It’s a Catch 22 situation with the bad actors.