BleepingComputer reports that General Motors had information from some of its customers compromised as a result of a credential stuffing incident last month.
Threat actors launched malicious activity aimed at GM's online bills management and rewards platform for Chevrolet, GMC, Buick, and Cadillac owners between April 11 and April 29, which prompted unauthorized rewards redemptions, according to GM, which emphasized that the incident was a result of credential stuffing attacks rather than a direct hack on the manufacturer.
"Based on the investigation to date, there is no evidence that the log in information was obtained from GM itself. We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer's GM account," said GM.
However, individuals had their names, home addresses and personal email addresses, usernames and registered family members' phone numbers, existing OnStar subscriptions, last known and saved location data, profile photos, family members' photos and avatars, and search and destination data exposed as a result of the incident.