Drivesure Data Breach

If you’re a dealer owner or in the automotive industry, it’s likely you’ve used a program called drivesure to train your employees to help them sell and retain customers. Millions of customers provided their full names, address telephone numbers, email addresses along with vehicle VINs and service records to this service and it’s possible that some of these accounts were stolen. Hackers made public the details on the Raidforums forum in the last week and then offered it to the public for free.

According to Bleeping Computer, the data dump was uploaded online by a threat actor known as “pompompurin”. The motive of the attacker is not known. However it appears that he didn’t appear to be after money as the files were uploaded slowly and did not ask for payment.

Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These photos could be used to carry out spear attack of phishing or phishing.

Researchers looking on the Internet for poorly protected databases discovered a massive database containing details on 3.2 million DriveSure clients. The breach involves 91 MySQL database that contains detailed dealership and inventory data and revenue data, as well as claims and reports along with PII, and 93 063 encrypted credentials in bcrypt.

The company claims to be working with Microsoft to correct the flaw. It’s not yet clear whether the company can issue an update to the numerous smaller systems that run the older version of Accellion’s FTA.

Leave a Reply

Your email address will not be published. Required fields are marked *