By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and gain access to accounts at other sites. This type of attack works particularly well against users who use the same password at every site. Intuit also states that the breach was discovered during a security review of its systems in the TurboTax data breach notification which was filed with the Office of the Vermont Attorney General. Following the discovery of the security breach, Intuit decided to temporarily disable the TurboTax accounts which were breached in the credential stuffing attack. TurboTax users who had their accounts temporarily deactivated have to contact Intuit using the company's Customer Care department and say "Security" when prompted, after which Intuit employees will walk them through an identity verification procedure designed to help them reactivate their accounts. More details can be found posted on OUR FORUM.