US banking and insurance giant State Farm has informed customers that it suffered a credential stuffing attack through which hackers were able to confirm valid usernames and passwords to attempt access into online accounts.

The company is writing a letter to notify its customers, calling "bad actor" behind accessing the credentials by hacking a third party website to gain access to State Farm online accounts.

Spokesperson of the State Farm told ZDNet that they discovered the hack on July 6, 2019. However, the company restrained to comment on a direct question regarding the number of affected accounts.

"We have implemented additional controls and continue to evaluate our information security efforts to mitigate future attacks," a State Farm spokesperson told ZDNet.

"We encourage customers to regularly change their passwords to a new and unique password, use multi-factor authentication whenever possible, and review all personal accounts for signs of unusual activity," the company added.

Moreover, State Farm says, they have not found any fraudulent activity till now, but to further secure the data of the customers they have reset passwords to block future malicious activity.