TurboTax Hit with Cyberattack, Tax Returns Compromised
-
TurboTax Hit with Cyberattack, Tax Returns Compromised
https://www.darkreading.com/threat-intelligence/turbotax-hit-with-cyberattack-tax-returns-compromised/d/d-id/1333954?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple"The incident was discovered during a system security review, Intuit reported in a breach disclosure letter filed with the Office of the Vermont Attorney General and shared with affected users. Officials explain how an unauthorized party targeted TurboTax users by taking usernames and passwords "from a non-Intuit source," which they used in a credential stuffing attack.
If their login was successful, attackers may have accessed data contained in a prior year's tax return or current tax returns in progress. This includes name, Social Security number, address(es), birthdates, driver's license number, and financial data (salary, deductions), as well as information belonging to other individuals included in the victim's tax return, they report."
-
Well aren't I glad I went with the other, not publicly hacked tax preparers this year.
-
in the "more details link"... (https://www.bleepingcomputer.com/news/security/tax-returns-exposed-in-turbotax-credential-stuffing-attacks/)
Intuit states that their systems are fine and that the problem appears to be that the users used the same email address & password on multiple sites... <sarcasm>which we all know is a great security practice!</sarcasm>
-
@dafyre Yes. Exactly. That is why I use different random passwords from a generator for anything of any importance.
-
@dafyre said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
in the "more details link"... (https://www.bleepingcomputer.com/news/security/tax-returns-exposed-in-turbotax-credential-stuffing-attacks/)
Intuit states that their systems are fine and that the problem appears to be that the users used the same email address & password on multiple sites... <sarcasm>which we all know is a great security practice!</sarcasm>
In otherwords -
@DustinB3403 said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
Well aren't I glad I went with the other, not publicly hacked tax preparers this year.
This didn't really matter.
-
@wrx7m said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
@dafyre Yes. Exactly. That is why I use different random passwords from a generator for anything of any importance.
it's why I do it period!. use a password manager and life won't bite you by this shit.
-
@wrx7m said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
@dafyre Yes. Exactly. That is why I use different random passwords from a generator for anything of any importance.
My random password generator of choice (http://correcthorsebatterystaple.net) :
-
@JaredBusch lol
-
@JaredBusch said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
@wrx7m said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
@dafyre Yes. Exactly. That is why I use different random passwords from a generator for anything of any importance.
My random password generator of choice (http://correcthorsebatterystaple.net) :
I just use Bitwarden's generator if I need one.
-
@dafyre said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
@JaredBusch said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
@wrx7m said in TurboTax Hit with Cyberattack, Tax Returns Compromised:
@dafyre Yes. Exactly. That is why I use different random passwords from a generator for anything of any importance.
My random password generator of choice (http://correcthorsebatterystaple.net) :
I just use Bitwarden's generator if I need one.
I like this because, when I rarely actually need to type one in, I can easily do so.
Mixing up the special characters (see separator box) makes it more than just words.
Separator:213456789!@#$%