State Farm has been victimized by a credential stuffing attack, exposing user names and passwords, although it’s not clear how many accounts were affected, according to media reports.
The insurance provider has reset passwords and notified customers and the California Attorney General.
Also not clear at deadline was whether email addresses were included.
According to Bleeping Computer, the firm has sent this notice to customers:
"State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt access to State Farm online accounts.
During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account."
The company indicated that no sensitive personal information was affected, and that it has not been used for fraudulent purposes.
The first attack was detected on July 6, and the others on July 8, July 12, July 13, July 14, July 17, July 19, July 20 and July 22, Bleeping Computer continues.