Drivesure Data Breach Revealed

Drivesure Data Breach Revealed

The personal data of millions of American car owners who have signed up to a roadside assistance service offered by drivesure, a company, is available online after a cybercriminal hacked the firm and smuggled multiple sources of its databases on hacking forums. A security researcher from the vendor Risk Based Security discovered the raidforums databases on cracking forums overdue last month, and reported them to Drivesure this week. The databases contain names, addresses the volume of cellular phone calls and electronic mails. They also include data on the customers’ vehicles, which include their model, produce and VIN numbers, along with service records and damage claims. The breach also included 93,000 passwords encrypted with bcrypt, which are typically used to protect data that is stored by secure software. These passwords remain vulnerable to brute force if an attacker runs scripts for hours on them.

Drivesure is a service company that helps car dealerships increase customer loyalty by leveraging data about their interactions with customers. The company is based in Illinois and focuses on employee retention and consumer training programs, among other things.

Thompson exploited a flaw that was unpatched in the cloud firewall configuration to bypass security measures at the company and gain access to directories and data buckets. Thompson then uploaded her stolen data to GitHub and then gradually updated the information as she continued to hack. The question of whether she was trying to earn money from her attack is not clear. In the last few weeks, other high-profile targets were also targeted. This included Washington State unemployment claimants, who were impacted by a security breach that occurred in a third-party system used by an auditor and employees of air charter company Solairus Aviation.

No hay comentarios

Escribe un comentario