Drivesure Data Breach

You may have used drivesure to teach your employees how to increase sales and retain customers in the event that you own a car dealership or work in the automotive industry. Millions of customers provided their full names, addresses, phone numbers, emails as well as VINs of their vehicles and service records to this service, and it’s believed that some of these accounts were stolen. The hackers posted the information on the Raidforums hacking forum and offered the information for download for free.

According to Bleeping Computer, the data dump was posted online by a malicious agent known as “pompompurin”. The motives of the attacker are not clear. However, he did not seem to be in search of money, as the files were uploaded in a slow manner and didn’t ask for payment.

Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These photos could be used to carry out spear attack on phishing or other phishing.

Security researchers searching the Internet for databases that aren’t secure have discovered massive databases of data on 3.2 million DriveSure customers. The breach involves 91 MySQL databases that contain detailed inventory and dealership details and revenue data, as well as reports and claims along with PII and 93,063 bcrypt encrypted passwords.

The company claims to be working with Microsoft to correct the flaw. It’s not yet clear if the company will be able to roll a patch for the various smaller systems that run the old version of Accellion’s FTA software.

Leave a Reply

Your email address will not be published. Required fields are marked *