The good hands at State Farm managed to let slip through a credential stuffing attack, but the company does not believe any information was leaked or viewed by the malicious actor.In a letter to the customers affected, State Farm said the attacker used login credentials most likely procured on the dark web and then attempted to utilize them to access their State Farm account. So far the only result of the attack was the hacker receiving a confirmation that the user name and passwords used were valid for the account.“No sensitive personal information was viewable. After a
review of your online account, we have also confirmed that no fraudulent
activity occurred,” State Farm said in the letter.The company has completed a force password reset for its
customers and is requesting that those people reset their credentials once
again and if their compromised State Farm credentials are used with other
accounts that those too should be reset.“Credential stuffing attacks are becoming a frequent threat
as companies such as PCM, Sky and Dunkin’ Donuts have all learned this year.
The fact is that the credential stuffing attacks are just one attack vector
companies must be prepared to defend against,” said Vinay Sridhara, CTO, Balbix.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds