Financial software company Intuit has notified TurboTax customers that some of their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. Intuit discovered during a security review that an undisclosed number of TurboTax accounts was breached and customer info was exposed. The company’s investigation revealed that the threat actors used credentials (usernames and passwords) obtained from “a non-Intuit source”” to gain access to the accounts. This type of attack works incredibly well against targets who use the same login credentials for multiple sites or services.”
Source: https://www.bleepingcomputer.com/news/security/intuit-notifies-customers-of-compromised-turbotax-accounts/