Insurer State Farm has suffered a credential stuffing attack, first discovered on July 6, 2019 when a bad actor confirmed valid usernames and passwords for U.S. customers' online accounts. The banking and insurance giant said it reset account passwords to, and notified all, affected accounts.

Techniques like credential stuffing—breaking into accounts with reused passwords—put users at risk for complete account takeovers, which in turn opens their employer to lateral attacks. As data breaches continue to expose the account credentials of their users, credential attacks are becoming more common.