Drivesure Data Breach Revealed

After a cybercriminal hacked the company, and dump numerous databases of the firm onto hacking forums, the personal information of millions American motorists who signed up to a roadside assistance program that drivesure offers is now accessible online. A researcher at security vendor Risk Based Security spotted the database on the raidforums hacking forum past due last month and informed drivesure of the issue this week. The databases contain names, addresses, cellular phone volumes and electronic mails as well as data about customers’ vehicles, which include their model, produce and VIN number, as well as service records and damage claims. The breach also contained more than 93,000 bcrypt hashed passwords which are commonly used to secure data stored by an application that is secure. However, these passwords could be forced through brute force if bad actor spends days running scripts against them.

Drivesure provides services that help car dealers build loyalty to their customers through the use of data on their interactions. The company is based in Illinois and focuses on employee retention as well as consumer training programs, among other things.

Thompson used a vulnerability that was unpatched in the cloud firewall configuration to bypass security measures within the company, and gain access to directories and data buckets. She then uploaded the stolen data to GitHub and slowly updated it as she continued to hack. It is unclear if she was attempting to earn money from her attack is unclear. Other high-profile targets have been targeted in recent weeks including unemployment claimants in Washington state who were snared in a breach of an unnamed third-party software system used by the auditor, and employees at air charter firm Solairus Aviation.

check this

Leave a Reply