Drivesure Data Break

Despite the fact that most companies invest in training their personnel and security actions to protect info from cybercriminals, attacks still happen. This sort of was the case with a recent attack that kept millions of personal details by a company referred to as drivesure in hacking community forums.

The Illinois-based car dealership service provider drivesure, which in turn specializes in worker training programs and customer retention, experienced a data infringement that uncovered the information of about 3. a couple of million clients. According to a blog post on January 4 this year by the reliability vendor Risk Based Protection, online hackers dumped multiple directories of database data on a dark web message board. The data included names, residence and cellular phone numbers, emails, messages among dealerships and clients, automobile make and model and VIN amount, service records and damage promises. In addition , over 93, 500 bcrypt hashed passwords were released. Though bcrypt is actually a strong encryption method in comparison with older methods like SHA1 and MD5, hackers can use scripts to brute-force the hashed security passwords.

The 3. a couple of million data points were publicized on Raidforums by a great attacker making use of the handle “pompompurin. ” In addition to the user database, online hackers released a 22GB record that was comprised of the DriveSure MySQL sources. The remove exposed 91 sensitive databases, including PII, damage requirements, extended car facts and dealer and warranty facts. As a result of the leak, a person with a DriveSure account should consider changing all their password right away.

Leave a Reply