Hackers Get into TurboTax Accounts Due To Poor Passwords. Hackers worldwide have been busy this year, with Intuit being the latest company to fall victim to their attacks.
The TurboTax company’s recently announced hackers accessed a network breach following a series of accounts takeover attacks, and that as a consequence, an undisclosed number of Turbo Tax customers had their data compromised.
TurboTax stresses that this breach was not a consequence of failed network security but rather bad password practices in use by some customers with their accounts.
Don’t Use Same Passwords for Your Other Accounts
The way an ATO (Account Take Over) attack works is this: A TurboTax customer is in the habit of using the same account password on multiple sites. A hack occurs on another site that the customer uses, and exposes his account password.
Knowing that many people reuse passwords, hackers attempt to use the passwords they glean from one breach on accounts for other sites, hoping to get lucky. Unfortunately, in many cases, they do. That’s what happened here.
Although the number of impacted accounts seems disturbingly large, the reality is that Turbo Tax serves over 100 million customers a year. So the impacted accounts represent a tiny fraction of the total. Granted, that’s small consolation for those who have had their data compromised, but understanding how it happened and the context of the scope and scale is still important.
Now for the bad news: the hackers likely made off with information like your tax returns for prior years, your current tax return, your social security number, date of birth, driver’s license number, and a wide range of financial information. Put another way, the hackers now have in their possession everything they need to steal your identity and/or make your life a living hell. So be careful and check your credit report regularly for the next few months.