According to a Dark Reading report on Monday, hackers have used passwords obtained from third parties to retrieve tax returns.
This means that the attackers have taken lists of passwords from other services and tried them against TurboTax accounts, where valuable personal information such as Social Security numbers, names and addresses is stored in tax returns. Hackers do not need to steal TurboTax passwords directly for this trick to work.
This is called "credential stuffing", and it works because users reuse the same password across multiple accounts. You are at risk if you use the same password for your TurboTax account and for another service that has been hacked. It's the same approach hackers used to takeand play a hoax message.
Intuit, which owns TurboTax, did not immediately respond to a request for comment.
In addition to using a unique password, users can set up two-factor authentication, which requires anyone logging in from a new device to provide a one-time login code.
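
For a service operator, credential stuffing shows up in login logs as one source trying many different accounts with mostly failed passwords. The sketch below is an added example, not code from Dark Reading, Intuit or TurboTax; the event format, thresholds, device IDs and function names are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the article):
# (source_ip, username, device_id, password_ok)
SAMPLE_EVENTS = (
    # One source walking a leaked list: six accounts, one reused password works.
    [("203.0.113.7", u, "dev-x", u == "dana")
     for u in ("alex", "blake", "casey", "dana", "eli", "fran")]
    # An ordinary user who mistypes once, then logs in.
    + [("198.51.100.20", "alice", "dev-alice", False),
       ("198.51.100.20", "alice", "dev-alice", True)]
    # A shared office address: many accounts, but every login succeeds.
    + [("192.0.2.44", u, "dev-" + u, True)
       for u in ("gus", "hana", "ivan", "jo", "kim")]
)
# Hypothetical record of devices each user has logged in from before.
KNOWN_DEVICES = {"dana": {"dev-dana"}, "alice": {"dev-alice"}}


def find_stuffing_sources(events, min_accounts=5, max_success_ratio=0.3):
    """Map each suspicious source to the accounts it logged in to.

    A source is suspicious when it tried at least `min_accounts` distinct
    usernames and got into at most `max_success_ratio` of them. Both
    thresholds are assumed values to tune against real traffic.
    """
    tried, wins = defaultdict(set), defaultdict(set)
    for src, user, _device, ok in events:
        tried[src].add(user)
        if ok:
            wins[src].add(user)
    return {
        src: wins[src]
        for src, users in tried.items()
        if len(users) >= min_accounts
        and len(wins[src]) / len(users) <= max_success_ratio
    }


def needs_one_time_code(user, device_id, known_devices):
    """Two-factor rule from the article: a new device must supply a code."""
    return device_id not in known_devices.get(user, set())


if __name__ == "__main__":
    for src, accounts in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(src, "-> reset passwords for", sorted(accounts))
```

The accounts returned for a flagged source are the ones where a reused password worked, so they are the candidates for a forced password reset; with the new-device rule in place, that same login would have stopped at the one-time code.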