TurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised


TurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised (Feb 25, 2019)

The parent company of the “TurboTax” tax preparation software, “Intuit,” has issued a statement in which they confirmed that TurboTax was targeted by a credential stuffing attack. Credential stuffing is a tactic used by threat actors where they use previously compromised to attempt to gain access to other accounts, in this instance TurboTax. Actors were able to gain access to an unspecified number of TurboTax accounts. Said accounts contain Personally Identifiable Information (PII) including: birthdates, driver’s license number, financial data (salary, deduction), Social Security Number, among other information contained in tax returns. This incident shows the potential risk associated with reusing passwords for multiple online services.

Recommendation: While Inuit has stated that this attack did result in a breach of its system, it is paramount that individuals takes steps to protect their PII because it was reused credentials that caused some people to be affected by this incident. The exposure of PII requires affected individuals to take precautionary measure to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.