Skip to main content

TurboTax Data Breach

In the News  

In TurboTax Users Hit by Credential Stuffing Attack, Phil Muncaster at InfoSecurity Magazine discusses how previously stolen user names and passwords were used to access user tax forms at TurboTax. Muncaster details that information obtained from these reports included financial information as well as social security numbers (SSNs). Muncaster reports that those impacted were instructed to change their passwords as well as enable multi-factor authentication for their account. 

Our Take  

While data breaches occur through a variety of attack vectors, some methods are easier to prevent than others. Credential-stuffing, or the method of using previously stolen account information to extract additional information, is so effective because users frequently reuse their account passwords or create easy to hack passwords. Simple passwords such as ‘password’ and a strand of sequential numbers are used more often than one might expect. So although using one strong password for all of your accounts may be a more simplistic way to log-in, this practice puts you and your information at risk if any of those accounts experience a data breach or elaborate hack. Additional security measures are always needed on the corporate end; however, for credential stuffing attacks specifically, more stringent consumer practices are the best way to preserve the privacy of your sensitive information. 

Recommendations  

How can you protect your personal information from exposure?   

Leave a Comment