State Farm hit by data breach

[David H. Lipman]

State Farm hit by data breach

"State Farm – the largest property and casualty insurance provider in the US - has been compromised in a credential stuffing attack. The firm acknowledged the cyberattack, filing a data breach notification with the California Attorney General, and on Wednesday (August 07), it sent out “Notice of Data Breach” emails to users whose online account log-in credentials were obtained by a bad actor.

The insurer’s data breach notification email read: “State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt to access to State Farm online accounts. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.”

This type of cyberattack is called credential stuffing. Attackers will buy or take usernames and passwords that were leaked from other companies’ data breaches and they will try to use those credentials to log-in to other accounts and sites. It works well against people who use the same password for lots of different sites – something many people are in the habit of doing."

 

[Firefox]

Thanks for the info, thank goodness I don't have State Farm

[John L. Galt]

I do - but I haven't received an email from them so I suppose I am good...

Changing my pw just in case....even though it is already pretty strong.  I do wish they supported 2 factor authentication - maybe with some nationwide pressure with tweets from https://twofactorauth.org/#banking (scroll to find state farm, or search at the top) maybe they might listen?