UPDATED 23:28 EDT / AUGUST 08 2019

SECURITY

Data stolen from State Farm in ‘credential-stuffing’ attack

Customer data from insurance and financial services group State Farm Mutual Automobile Insurance Co. has been stolen in a hack that used credential-stuffing.

That’s a process that uses account login details stolen in other hacks in an attempt to gain access on the presumption that many people reuse the same email and password across multiple sites.

The amount of data compromised has not been disclosed. State Farm both notified affected users and requested that they reset their passwords.

“State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt access to State Farm online accounts,” the letter said. “During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.”

The first attack was detected on July 6, with eight further attacks using the same method detected through July 22, according to a report Wednesday by Bleeping Computer.

“Credential-stuffing attacks are becoming a frequent threat as companies such as PCM, Sky and Dunkin’ Donuts have all learned this year,” Vinay Sridhara, chief technology officer at cybersecurity platform Balbix Inc., told SiliconANGLE.

“The fact is that the credential-stuffing attacks are just one attack vector companies must be prepared to defend against,” Sridhara said. “Organizations are tasked with the cumbersome burden of continuously monitoring all assets across hundreds of potential attack vectors to detect vulnerabilities. This involves analyzing tens of billions of time-varying data signals, a task that is not a human-scale problem anymore.”

Adam Laub, chief marketing officer at data security firm STEALTHbits Technologies Inc., noted that the burden of creating and maintaining unique username and password combinations really ends up falling on the shoulders of the weakest link: the user.

“It may be time for organizations to take matters into their own hands,” Laub added. “If end users can’t or won’t comply with the guidance being provided to keep their accounts safe, perhaps proactive analysis of user account passwords and forced remediation when they’re determined to be vulnerable to password guessing attacks may be the only way to address this particular attack vector.”

Photo: State Farm/Flickr
