The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.
US insurance firm State Farm has confirmed a credential-stuffing attack. In a letter to customers, the company reports a so-called "bad actor" used a list of user IDs and passwords obtained from outside sources to attempt to gain access to State Farm online accounts.
As part of the attack, the actor was able to confirm a valid username and password for affected accounts. No sensitive personal information was viewable, State Farm says, and no fraud has been detected. It has reset passwords to block future malicious activity by the same attacker.
In its notification letter, the insurer urges users to change passwords as soon as possible and to reset the password for other accounts that share the same one. Customers are encouraged to monitor their accounts and credit reports for the next one to two years and report suspicious activity to law enforcement, including the Federal Trade Commission and attorney general.
Read more details here.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024