The security team at Intuit, a financial software developer, released a report confirming that a group of threat actors gained access to TurboTax customers’ personal and financial information as part of an apparent account takeover attack. In a notification sent to affected users, the company specified that this is not a widespread incident.
As some users may recall, in these attacks the criminals try to access the accounts of potential victims using login credentials stolen in previous security incidents. Since millions of users reuse the same credentials across their online platforms, this attack variant is highly effective.
The report notes that Intuit teams discovered a leak involving an undisclosed number of TurboTax accounts. The attackers allegedly used credentials obtained from a threat actor “outside of Intuit,” the company says.
“By accessing the affected accounts, threat actors may have obtained information about tax returns from a previous year and even from the current year. These records include sensitive data such as full names, social security numbers, phone numbers, addresses, email addresses and financial details,” the company says.
After discovering the attacks, Intuit temporarily deactivated the compromised TurboTax accounts as part of an incident mitigation process. Users whose accounts have been temporarily deactivated should contact the company, which has deployed a dedicated team to reverse this temporary measure.
This isn’t the first time a hacking group has successfully compromised TurboTax accounts to steal financial and personal information. Users of this platform were the target of at least three other series of similar attacks between 2014 and 2019. As in this case, Intuit temporarily deactivated some accounts and offered a free year of identity protection and credit monitoring to affected users.