Company officials report that unknown actors got access to data using credentials obtained in other incidents
According to network
security and ethical hacking specialists from the International
Institute of Cyber Security reports, Intuit, a financial software developer and
creator of services like Mint and TurboTax, has been the victim of a credential
stuffing attack. It is believed that attackers aim to the tax return
information of users of these systems.
During a routine safety check, the company’s
network security specialists discovered the cyberattack.
According to Intuit, both the authorities and the affected users have already
been notified; in the incident report, it is mentioned that an unauthorized
agent accessed the data of the affected users using user names and passwords
obtained from a non-intuitive source, thanks to a credential stuffing attack.
In cases where the attack was successful,
hackers could have accessed user tax returns, in addition to additional
information stored on the platform, such as:
- Full
names - Social
Security numbers - Users’
addresses - Dates
of birth - Financial
information
The compromised information could also include
details about some close relatives of the affected users, according to network
security experts.
As a security measure, Intuit temporarily
disabled the affected accounts after discovering the incident. In addition, the
platform has provided affected users with a year of free identity protection
services, bank account monitoring and identity restoration through a certified
service.
Intuit insists that the incident should not be
considered as a data theft that compromised its infrastructure, but it is an
attack against specific accounts of some users.
