The safety of customer data is very much at risk despite prodigious investments in cybersecurity. This begs the question: How is that possible? In April 2022, General Motors customer accounts suffered a massive account takeover (ATO) attack. Affected users watched as their GM store credits were drained or emptied. Even worse, General Motors’ site wasn’t even hacked; the credentials were stolen from other sites and used to gain access to GM accounts.