DriveSure Data Breach

04 SEP

DriveSure, a firm that helps car dealerships offer and hold on to customers, had 3. a couple of million client records leaked this month. Hackers illegally attained the data and posted it to multiple hacking message boards. The data was offered at no cost and included names, address, phone numbers and emails and also vehicle VIN numbers, service records and damage remarks. The data also included information out of large corporate and business accounts and military contact information.

The attackers released a 22GB file that composed of the DriveSure MySQL sources, which open 91 hypersensitive databases. The database remove was combined with PII, harm cases, prolonged car specifics and dealer and warranty info and over 93, five-hundred bcrypt hashed passwords, Risk Depending Reliability said in a writing on January 4. When security experts consider bcrypt safer than SHA1 or MD5, it can nevertheless be brute-forced with sufficient computer power.

The attackers produced the data source in Raidforums late last month under the username “pompompurin. ” That they wrote a lengthy post to explain as to why they were being paid the data, a behavior that is uncommon meant for hackers. Commonly, they only share beneficial segments or perhaps trimmed down versions of user directories.