State Farm One suffers a data breach in credential stuffing attack

American based Insurance company State Farm suffers a data breach in credential stuffing attack. Attackers used a list of usernames and passwords obtained via credential stuffing attack to access State Farm customers’ online accounts.

The insurer’s data breach notification email read: “State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt to access to State Farm online accounts. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.”

The investigation revealed that attackers were able to confirm valid usernames and passwords for some online accounts, however, no personal information was accessed.

Insurance company State Farm notified its customers that it suffered a credential stuffing attack during which attackers were able to confirm valid usernames and passwords for some customer accounts.

In addition to notifying impacted users, State Farm has also reset all passwords for the accounts whose credentials were breached by the hacker.

Later, State Farm reviewed the accounts of impacted customers and confirmed that no fraudulent activity occurred.

Reference:

https://www.bleepingcomputer.com/news/security/state-farm-accounts-compromised-in-credential-stuffing-attack/