In the News
In TurboTax Users Hit by Credential Stuffing Attack, Phil Muncaster at InfoSecurity Magazine discusses how previously stolen user names and passwords were used to access user tax forms at TurboTax. Muncaster details that information obtained from these reports included financial information as well as social security numbers (SSNs). Muncaster reports that those impacted were instructed to change their passwords as well as enable multi-factor authentication for their account.
Our Take
While data breaches occur through a variety of attack vectors, some methods are easier to prevent than others. Credential-stuffing, or the method of using previously stolen account information to extract additional information, is so effective because users frequently reuse their account passwords or create easy to hack passwords. Simple passwords such as ‘password’ and a strand of sequential numbers are used more often than one might expect. So although using one strong password for all of your accounts may be a more simplistic way to log-in, this practice puts you and your information at risk if any of those accounts experience a data breach or elaborate hack. Additional security measures are always needed on the corporate end; however, for credential stuffing attacks specifically, more stringent consumer practices are the best way to preserve the privacy of your sensitive information.
Recommendations
How can you protect your personal information from exposure?
- Understand the risks of putting your personal information into the world, and only share what you have to
- Use safe password practices, and take advantage of Multi-factor Authentication where possible
- Check your email, financial accounts, and credit reports regularly for abnormal activities
- Stay up to date on the news regarding recent data breaches and phishing attacks to see if you may have been affected