TurboTax Accounts Accessed Through Credential Re-Use

During a security review, Intuit discovered that an undisclosed number of TurboTax accounts had been breached, exposing sensitive customer information. Intuit concluded that the accessed accounts were part of other third-party data breaches and that the access was the result of credential re-use on the Intuit platform. After the discovery, Intuit sent a breach notification letter to affected customers and disabled the accounts. Affected customers must contact Intuit’s Customer Care department (1-800-944-8596) and say “security” at the prompt to speak with an employee, who will then work to verify the customer’s identity and restore access.

Analyst Notes

Credential re-use is a common way for threat actors to gain access to other accounts. Publicly available collections of data breaches make collecting potential credentials a very simple task. Creating secure passwords for every site or service can be a challenge, but using a trusted password manager such as KeePass or LastPass helps ease the burden so you only need to remember one: the password to access all your passwords. Because this one password protects the rest of your passwords, however, it is especially important to create a strong yet memorable password for this service. Although some may find the few extra steps to use a password manager burdensome, many password managers also have browser plugins available that can offer to automatically fill in login forms or to save a new registration without manually adding it.

Intuit also offers Multi-Factor Authentication (MFA) as an optional feature to protect TurboTax customer accounts. It is best to take advantage of MFA on any account where it is offered, especially if the account gives access to financial information.