Some customers of the State Farm Insurance company got an unpleasant notice. They were notified by the insurance giant that there’s been a major hack. A bad actor had used a list of usernames and passwords to attempt to access accounts. The usernames and passwords were genuine. State Farm believes that the hacker got them from the dark web.
They went on to say that they don’t believe that any confidential information was accessed and that they had changed the passwords of those affected by the attack.
They also advised users to monitor their other accounts for unusual activity and suggested it might be a good time to put a credit freeze in place.
This is what’s known as a credential stuffing attack. And it doesn’t mean that hackers actually breached any confidential information on State Farm’s servers. Sometimes, they just get their hands on username and password combos from other breaches and try them on as many sites as they can find. That’s why it’s a good idea not to use the same password for every site.
If your State Farm account was affected, you should have received notice from the company already.
But it’s probably a good idea to always act as if your account has been hit. Carefully monitor your statements and consider putting a credit freeze in place, just for safety’s sake.