Personal Finance

Turbo Tax Cyber Attack

  • Last Updated:
  • Feb 25th, 2019 8:48 pm
[OP]
Deal Expert
User avatar
Jun 15, 2011
39917 posts
5973 upvotes
King City

Turbo Tax Cyber Attack

FYI to any existing or new Turbotax users.

Not sure if it belongs in here.

https://www.darkreading.com/threat-inte ... id/1333954
Proud to be an Indian.
__________________________________________________________________________
Incident/Cyber Breach Response|Malware Analyzer|Threat Intellligence
8 replies
[OP]
Deal Expert
User avatar
Jun 15, 2011
39917 posts
5973 upvotes
King City
Perhaps. I didn't dig too much into it, but perhaps I should. Will be a good use case for my field. :)
Proud to be an Indian.
__________________________________________________________________________
Incident/Cyber Breach Response|Malware Analyzer|Threat Intellligence
[OP]
Deal Expert
User avatar
Jun 15, 2011
39917 posts
5973 upvotes
King City
Isostar wrote: The article you are referring is for US breach. Do they have common database for both US and CA?
Didn't specify, and I am hoping they're not common. That would be a big mistake on Turbo Tax's part.
Proud to be an Indian.
__________________________________________________________________________
Incident/Cyber Breach Response|Malware Analyzer|Threat Intellligence
Deal Expert
Aug 22, 2011
30346 posts
16194 upvotes
Ottawa
Looks like it only impacts those that uses their online software for filing?
Deal Addict
Oct 22, 2015
1247 posts
348 upvotes
vkizzle wrote: Looks like it only impacts those that uses their online software for filing?
Yes sounds online only. That's why I don't trust simpletax and such...I rather install on PC.
Member
Aug 19, 2013
287 posts
233 upvotes
Etobicoke
That's why I always prefer StudioTax.
Tangerine | Public Mobile |STACK MC
Deal Addict
Aug 18, 2018
1786 posts
1359 upvotes
Bay Area
Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack.

A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and gain access to accounts at other sites. This type of attack works particularly well against users who use the same password at every site.
Not sure I'd really call this an "attack", more like a bunch of amateurs trying to get lucky.

And this also highlights the importance of not recycling your login credentials for critical websites. I'll be the first to admit I recycle my logins for non-essential fluff, but definitely NOT for important sites like TurboTax or any government websites.

In any case, changed my PW, then turned on 2FA for additional protection. Thanks for the headsup.

Top