Data breach at TurboTax exposes users’ information

turbotax hack

Company officials report that unknown actors got access to data using credentials obtained in other incidents

According to network security and ethical hacking specialists from the International Institute of Cyber Security reports, Intuit, a financial software developer and creator of services like Mint and TurboTax, has been the victim of a credential stuffing attack. It is believed that attackers aim to the tax return information of users of these systems.

During a routine safety check, the company’s network security specialists discovered the cyberattack. According to Intuit, both the authorities and the affected users have already been notified; in the incident report, it is mentioned that an unauthorized agent accessed the data of the affected users using user names and passwords obtained from a non-intuitive source, thanks to a credential stuffing attack.

In cases where the attack was successful, hackers could have accessed user tax returns, in addition to additional information stored on the platform, such as:

  • Full names
  • Social Security numbers
  • Users’ addresses
  • Dates of birth
  • Financial information

The compromised information could also include details about some close relatives of the affected users, according to network security experts.

As a security measure, Intuit temporarily disabled the affected accounts after discovering the incident. In addition, the platform has provided affected users with a year of free identity protection services, bank account monitoring and identity restoration through a certified service.

Intuit insists that the incident should not be considered as a data theft that compromised its infrastructure, but it is an attack against specific accounts of some users.