Sergiu Gatlan reports:
Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack.
A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and gain access to accounts at other sites. This type of attack works particularly well against users who use the same password at every site.
Read more on BleepingComputer.
It’s 2019. Why is this still a thing?
Here is Intuit’s notification to Vermont: