DriveSure Data Breach

DriveSure, a company that helps car dealerships offer and hold on to customers, acquired 3. 2 million consumer records released this month. Online hackers illegally attained the data and posted this to multiple hacking message boards. The data was offered free of charge and included names, addresses, phone numbers and emails as well as vehicle VIN numbers, documents and damage comments. The data included as well information right from large corporate and business accounts and military address.

The assailants released a 22GB file that made up of the DriveSure MySQL sources, which revealed 91 sensitive databases. The database dispose of was combined with PII, damage cases, extended car specifics and seller and warranty info and also 93, 500 bcrypt hashed security passwords, Risk Depending Reliability said in a blog post on January 4. When security professionals consider bcrypt safer than SHA1 or MD5, it can be brute-forced with sufficient computing power.

The attackers written and published the repository upon Raidforums past due last month beneath the username “pompompurin. ” They wrote an extensive post to explain how come they were writing the data, a behavior that is uncommon designed for hackers. Typically, they just share important segments or trimmed straight down versions of user directories.

Leave a Reply

Your email address will not be published.