Credential stuffing attacks struck an undisclosed number of TurboTax accounts. Credentials came from an unknown, non-Intuit source.