From bleepingcomputer.com
United States based insurance company State Farm has begun to send out email notifications to users whose online account login credentials were discovered by an attacker during a credential stuffing attack.
A credential stuffing attack is when attackers compile usernames and passwords that were leaked from different company’s data breaches and use those credentials to try and gain access to accounts at other sites. This type of attack works particularly well against users who use the same password at every site.
In a “Notice of Data Breach” sent to users impacted by this breach, State Farm says: