Drivesure Data Breach

Drivesure Data Breach

You might have utilized drivesure as a tool to train your staff to bring in and keep clients If you own a vehicle dealership or work in the auto industry. Millions of customers have provided their full names, addresses, phone numbers emails, addresses, vehicle VINs and service records to the service and it appears that some of those accounts were hacked. Hackers posted the information on the Raidforums forum late last month and made it available for free.

The data dump was posted by a threat actor known as “pompompurin,” according to Bleeping Computer news service. The attacker’s motivation is unknown. However the attacker did not appear to be seeking money since the files were uploaded in a slow manner and did not request payment.

Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These photos could be used to carry out spear attack of phishing or phishing.

Researchers looking on the Internet for databases that are not secure discovered a massive database with details about 3.2 million DriveSure clients. The breach involves 91 MySQL database that includes detailed dealership and inventory data, revenue data, reports and claims as well as PII, and 93 063 encrypted credentials in bcrypt.

The company claims it’s working with Microsoft to fix the problem. But it’s not clear whether the company can get an update for the many smaller systems that run the older version of Accellion’s FTA software.