Drivesure Data Breach Revealed

After a cybercriminal illegally hack the company, and dump multiple sources of its databases on hacking forums, the personal details of millions of American car owners who subscribed to a roadside services program provided by drivesure is now accessible online. A researcher at security vendor Risk Based Security spotted the database on the raidforums hacking forum past due last month and reported them to drivesure this week. The databases include names, addresses, cellular phone numbers and electronic mails along with information on the vehicle of customers such as their model, VIN number, and produce. The breach also contained 93,000 bcrypt passwords that are commonly used to secure the data stored by secure software. These passwords are still vulnerable to brute force if an attacker spends a long time running scripts on them.

Drivesure is a company that provides services that aid car dealers build loyalty to their customers through the use of information about their interactions. The business, based in Illinois, focuses on employee training programs and customer retention, among other things.

Thompson exploited a cloud firewall configuration vulnerability to bypass security measures that are in place within the company and gain access data buckets and folders. She then uploaded the stolen data to GitHub and gradually updated it as she continued her hacking spree. Whether she was trying to make money off of her attack is not clear. In the last few weeks, other high-profile targets were also targeted. These included Washington State unemployment claimants who were affected by a security breach in a third-party service used by an auditor as well as employees of air charter company Solairus Aviation.

Leave A Comment

Your email address will not be published. Required fields are marked *