State Farm Reports Credential-Stuffing Attack
The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.
US insurance firm State Farm has confirmed a credential-stuffing attack. In a letter to customers, the company reports a so-called "bad actor" used a list of user IDs and passwords obtained from outside sources to attempt to gain access to State Farm online accounts.
As part of the attack, the actor was able to confirm a valid username and password for affected accounts. No sensitive personal information was viewable, State Farm says, and no fraud has been detected. It has reset passwords to block future malicious activity by the same attacker.
In its notification letter, the insurer urges users to change passwords as soon as possible and to reset the password for other accounts that share the same one. Customers are encouraged to monitor their accounts and credit reports for the next one to two years and report suspicious activity to law enforcement, including the Federal Trade Commission and attorney general.
Read more details here.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024