Drivesure Data Breach

Car dealership service provider drivesure endured a data breach last December that left 26GB of private info downloaded and shared in hacking discussion boards. The online hackers dumped multiple databases including names, details, phone numbers, electronic mails between stores and customers and automobile details including makes, styles, VIN statistics, documents, damage claims and service records. In addition , over 93, 500 bcrypt hashed passwords were also released. The passwords will be cryptographically protected, but simply because use bcrypt hashes (which are more powerful than SHA1 and MD5) attackers can easily still brute-force these to gain get.

The cybercriminal known as “pompompurin” published the databases about Raidforums hacking forum later last month. The database data files contained email usernames, email addresses and passwords. The risk actor as well provided descriptive descriptions on the leaked databases and customer information, matching to reliability vendor Risk Based Protection, which first of all spotted the information dump.

The database of nearly three million Drivesure subscribers comprises of personal and financial facts like driver’s license numbers, credit card accounts and mortgage lender statements. It can be used for personality theft, scam and other against the law activities. The compromise is another example of how data breaches can happen when small businesses use third-party software. The recent tale of SolarWinds, Washington State’s auditor and Wind Riv Systems is another. These companies are among those that sell computer software to help huge organizations transfer large data files. Smaller businesses utilize these thirdparty programs to handle their inside networks and computers. Inspite of the best efforts of these businesses to protect their particular customer info, they are susceptible.

Leave a Comment

Your email address will not be published.