Drivesure Data Breach

Car dealership vendor drivesure suffered a data infringement last December that left 26GB of private information downloaded and shared on hacking community forums. The hackers dumped multiple databases featuring names, tackles, phone numbers, electronic mails between dealers and clients and motor vehicle details which include makes, units, VIN amounts, documents, damage claims and service records. Additionally , over 93, 500 bcrypt hashed passwords were also virtual collaboration software released. The passwords happen to be cryptographically safeguarded, but simply because they use bcrypt hashes (which are more powerful than SHA1 and MD5) attackers can easily still brute-force them to gain gain access to.

The cybercriminal known as “pompompurin” published the databases in Raidforums cracking forum past due last month. The database files contained email usernames, email addresses and passwords. The threat actor also provided in depth descriptions of your leaked sources and customer information, regarding to protection vendor Risk Based Protection, which 1st spotted your data dump.

The database of nearly 3 million Drivesure subscribers comprises of personal and financial data like driver’s license amounts, credit card accounts and commercial lender statements. It could be used for id theft, fraudulence and other against the law activities. The crack is another sort of how info breaches can happen when small companies use third-party software. The recent favola of SolarWinds, Washington California’s auditor and Wind Lake Systems is another. These companies will be among the ones that sell program to help large organizations copy large data. Smaller businesses also use these third-party programs to manage their inner networks and computers. Despite the best hard work of these firms to protect their particular customer info, they are somewhat insecure.