19th Ave New York, NY 95822, USA

Drivesure Data Breach

Drivesure, a dealership service provider, experienced an attack on its database in December of last year. The result was that 26GB of personal data was downloaded and shared on hacking forums. The hacked data set included names as well as addresses and phone numbers of 3.2 million customers and also text messages and email messages between the customers of the traders VINs of vehicles and service records. Also, more than 93 000 hashed bcrypt passwords were released. Although bcrypt hashes are deemed superior to older methods like SHA1 or MD5 However, they could be brute forced following download, as reported by Risk Based Security.

In a lengthy blog post on Raidforums the hacker “pompompurin” provided details of the leaked user’s information and files. This is unusual because hackers typically share only important parts or cut-down versions of the databases they have discovered.

The database was leaked because an error in configuration in an AWS bucket used by the company according to CISO Magazine. The AWS bucket was left unprotected, allowing anyone to access it and its contents. This included more than one million email addresses in plaintext, as well passwords encrypted using the bcrypt encryption method.

Drivesure users should be worried about the breach, since they could be the victims of fraud or identity theft when their personal information is stolen. Users of vpnversed.com/data-room-software-for-creating-companies-wealth/ the site are advised to change their passwords as fast as possible. They should also think about changing their login credentials on other websites using the exact same credentials.

Leave a comment