General Motors under hacker attack, car owners' personal info exposed

US car giant General Motors (GM) reported it was hit by a credential stuffing attack last month that exposed customer data and allowed hackers to redeem rewards points for gift cards.

A credential stuffing attack is a hacker attack in which credentials obtained from a previous data breach on one service are used to attempt to log in to another unrelated service.

GM said that they detected the malicious login activity between April 11-29 2022:

The personal information of affected customers includes:

First and last names,
Email addresses,
Home addresses,
Usernames,
Phone numbers for registered family members tied to the account,
Last known and saved favorite location information
Search and destination information.

Apart from resetting their passwords, GM advised affected individuals to request credit reports from their banks and place a security freeze.

A huge data breach has also exposed four years’ worth of records of nearly 500,000 Chicago Public Schools (CPS) students and 60,000 employees.