Drivesure Data Break Revealed

The supply chain is a big source of exposure to possible businesses. The information that businesses share with others is often very sensitive and can be hacked either unintentionally or maliciously.

A recent info breach subjected personal information about possibly hundreds of thousands of American car owners who all fell to the highway assistance course offered by a few dealerships. That info was uploaded to a hacking forum, analysts at protection vendor Risk Based Secureness discovered.

Drivesure is a training platform that helps dealerships build buyer trustworthiness through leveraging data about customer goes to, tastes and other personal data. It has numerous customers whom sign up for their services and offer their names, addresses, email address, contact numbers, vehicle VIN numbers, service records, damage boasts, and other info to the web site.

In December 2020 a data break occurred at the company and 26GB of private info got downloaded and made community on a breaking website. This included 4. 6 mln unique emails, names, physical the address, and car information which includes makes, models, VIN statistics and odometer readings.

The details was also available for free upon several hacking community forums, turning it into freely attainable to anyone. The online hackers dumped a 22GB file which in turn contained DriveSure’s MySQL databases, revealing 91 fragile databases with PII as well as damage demands, prolonged car specifics and seller and warrantee information.

Much more than 93, five-hundred bcrypt hashed passwords had been released, although they’re more powerful than SHA1 and MD5. This means that assailants can use intrigue to brute-force these passwords to gain access. Users should transformation their accounts immediately and ensure that passwords will be cryptographically protected.

Leave a Comment