Drivesure Data Breach

You may have used drivesure for training your staff to bring in and keep clients when you own a car dealership or work in the auto industry. Millions of customers have provided their full names, addresses, phone numbers and email addresses, as well as their vehicle VINs and service records to the service and it appears that some of those accounts were taken. Hackers released the information on the Raidforums forum late last month and made it available for free.

According to Bleeping Computer, the data dump was posted online by a threat actor known as “pompompurin”. The motive of the attacker is not known. However, he did not seem to be after money as the files were uploaded in a slow manner and did not ask for payment.

Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These images could be used in spear attack on phishing or other phishing.

Security researchers combing the Internet for databases that are not secure have discovered massive databases of information on 3.2 million DriveSure customers. The breach involves 91 MySQL database that contains detailed dealership and inventory data including revenue data, claims and reports along with PII, and 93 063 bcrypt hashed credentials.

The company claims to be working with Microsoft to fix the issue. It’s not yet clear if the company will be able get a patch out to the various smaller systems that run the older version of Accellion’s FTA software.

vpnversed.com/data-room-software-for-creating-companies-wealth/

Comments

  • No comments yet.
  • Add a comment