State Farm Accounts Compromised in Credential Stuffing Attack
Insurance and financial services group State Farm has suffered a credential stuffing attack in which the login credentials of an unknown number of customers were compromised. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain access to accounts for another service, based on the knowledge that many people reuse passwords for multiple accounts. Credential stuffing is a massive threat that involves billions of malicious login attempts every month.
State Farm is notifying affected customers via email. The notification states that while a threat actor managed to confirm the user ID and corresponding password of various users, they were not able to view personal information. The group says it has not detected any other fraudulent activity.