Posted on Leave a comment

DriveSure Data Infringement

DriveSure, a company that helps car dealerships sell and hold on to customers, acquired 3. two million client records released this month. Online hackers illegally obtained the data and posted it to multiple hacking message boards. The data was offered at no cost and included names, includes, phone numbers and emails along with vehicle VIN numbers, service records and damage demands. The data included as well information coming from large company accounts and military addresses.

The attackers released a 22GB folder that made up of the DriveSure MySQL databases, which uncovered 91 hypersensitive databases. The database drop was accompanied by PII, destruction cases, prolonged car specifics and dealer and warrantee info and also 93, five-hundred bcrypt hashed accounts, Risk Established Reliability stated in a blog post on January 4. Whilst security pros consider bcrypt more secure than SHA1 or MD5, it can nevertheless be brute-forced with sufficient processing power.

The attackers released the repository upon Raidforums overdue last month within the username “pompompurin. ” They wrote a lengthy post to explain for what reason they were writing a comment the data, a behavior that’s uncommon intended for hackers. Commonly, they only share beneficial segments or trimmed straight down versions of user databases.

Leave a Reply

Your email address will not be published. Required fields are marked *