Drivesure Data Breach Revealed

After a cybercriminal hacked the company and dumped numerous databases belonging to the firm on hacking forums, the personal details of millions of American automobile owners who enrolled in a roadside service program provided by Drivesure are accessible online. A researcher from the security vendor Risk Based Security discovered the RaidForums databases on cracking forums late last month and sent them to Drivesure this week. The databases include names, addresses, phone numbers and email addresses, as well as information on customers' vehicles, including make, model and VIN along with service records and damage claims. The breach also contained 93,000 passwords that were hashed using bcrypt. Hashes of this kind are typically used to safeguard data stored by a secure application. However, these passwords could still be brute-forced if a bad actor spends days running scripts against them.

Drivesure provides services that help car dealers build loyalty with their customers by using data about their interactions. The Illinois-based business concentrates on employee training programs and consumer retention, among other things.

Thompson exploited an unpatched vulnerability in the cloud firewall configuration to bypass the company's security measures and gain access to data buckets and directories. She then uploaded the stolen data to GitHub and slowly updated it while she continued her hacking spree. Whether she was trying to make money from her attack is not clear. In the past few weeks, several other prominent targets were also hit. They included Washington State unemployment claimants affected by a breach in a third-party system used by an auditor, as well as employees of the air charter company Solairus Aviation.
