CyberNews Briefs

State Farm Accounts Compromised in Credential Stuffing Attack

Insurance and financial services group State Farm has suffered a credential stuffing attack in which the login credentials of an unknown number of customers were compromised. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain access to accounts for another service, based on the knowledge that many people reuse passwords for multiple accounts. Credential stuffing is a massive threat that involves billions of malicious login attempts every month.

State Farm is notifying affected customers via email. The notification states that while a threat actor managed to confirm the user ID and corresponding password of various users, they were not able to view personal information. The group says it has not detected any other fraudulent activity.

Read more: State Farm Accounts Compromised in Credential Stuffing Attack

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.