Hackers use stolen passwords to entry TurboTax
Cyber Security

Hackers use stolen passwords to entry TurboTax

hackers-2794

Hackers accessed tax returns stored with TurboTax using passwords stolen from a third party, an Intuit spokesman said Monday.

The attack, earlier reported in Dark Reading, didn’t breach the internal systems at Intuit, which owns TurboTax. Instead, attackers took lists of passwords stolen from other services and used them to try to log in to TurboTax accounts, the spokesman said. There, valuable personal information, such as Social Security numbers, names and addresses, is stored in tax returns.

The technique is called “credential stuffing,” and it works because people reuse the same password across multiple accounts. You’re at risk if you’re using the same password for your TurboTax account and some other service that got hacked. It’s the same approach hackers appeared to use to take over a Nest security camera owner’s device and play a hoax message in January.

In addition to using a unique password, users can set up two-factor authentication that will require someone signing in from a new device to provide a onetime code to log in.

You might also like

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

Iranian Hackers Exploit PLCs in Attack on Water Authority in US

Hackers Stole Access Tokens from Okta Support Unit

Hackers Steal $20M by Exploiting Flaw in Revolut Payments

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More