Intuit’s TurboTax Stuffing Attack Leads To Data Breach
Intuit notifies various owners of TurboTax accounts of a successful breach against them, urging them to follow the designated account resetting procedure.
According to Adam Laub, SVP Product Management, STEALTHbits Technologies, “Human nature is the fuel within the Credential Stuffing machine. If your email address is your typical username and you use the same password across different sites, you’re ripe for the picking. Credential Stuffing ceases to be a viable attack technique when users leverage different, unique passwords across the various sites and services they log into. However, our innate desire to remember as little information as possible in an age where all the information we may ever want to recall is literally at our fingertips continues to drive the use of the same username and password combination to everything we access, from our bank accounts and medical records to of course our tax returns.”
He added, “With just an ounce more effort and the use of any password management tool, this particular attack technique could become completely useless. My guess is that we’ll continue to see this for quite some time.”