The company noticed the data theft between April 11, 2022 and April 29, 2022, when suspicious logins into some GM online accounts began. The attackers used customers’ bonus points to buy gift cards. Immediately after the attack was detected, the company disabled the gift card purchase function and informed customers in its message demanding to change passwords.
“We have reported the attack to law enforcement and continue to monitor account activity to protect our customers and their personal information,” GM said in a statement.
According to experts, the attackers could find out the victim’s first and last name, personal email address, real address, family members’ numbers (if they are linked to the victim’s account), the last known and stored location information, information about the Opel OnStar package (if the victim had it). Hackers could also get photos of family members (if they were uploaded) and GM gift points. In its message, the company stressed that the attackers did not find out the date of birth of the victims, social security numbers and driver’s license, as well as information about a credit card or bank account.
The company believes that the login data for customer accounts was obtained outside GM networks. Presumably, the attackers gained access to this information through other non-GM sites and used it to access the company’s accounts.
Experts strongly recommend that all affected users immediately reset their passwords, and no longer use the same credentials on multiple sites or platforms. It is also recommended to remain vigilant during such attacks and regularly check account statements and credit reports.