Nessun commento

Drivesure Data Breach

If you’re a dealer owner or work in the automotive industry, chances are you’ve used a tool called drivesure to train your employees to help them sell and retain customers. Millions of customers have provided their full names, addresses, telephone numbers, email addresses, vehicle VINs, and service records to the service and it appears that some of those accounts were hacked. Last month, hackers posted that information on the Raidforums hacking forum, allowing the data for download for free.

According to Bleeping Computer, the data dump was posted online by a malicious agent known as “pompompurin”. The motive behind the attack is unclear. However it appears that he didn’t appear to be seeking money since the files were uploaded in a slow manner and didn’t ask for payment.

Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These images could be used in spear attack on phishing or other phishing.

Researchers searching the Internet for poorly protected databases discovered a massive database that contains information about 3.2 million DriveSure clients. The breach includes more than 91 MySQL databases that include detailed inventory and dealership information as well as revenue data, reports and claims, as well as PII and 93,063 hashed passwords in bcrypt.

The company has said it’s working with Microsoft to have the flaw fixed. It’s not clear yet what the company’s chances of getting a patch for the many smaller systems that run the older version of Accellion’s FTA.

board portal software