General Motors suffers credential stuffing attack

Posted date 02/06/2022

US automaker General Motors was the victim of a credential stuffing attack that exposed some customers' information and allowed attackers to redeem reward points for gift cards.

The specific target of the attack was its online platform for managing invoices, services and redeeming reward points.

GM contacted those affected to inform them of account recovery instructions. In addition, affected users should reset their passwords before logging back into their accounts.