Drivesure Data Breach

25 Oct Drivesure Data Breach

Drivesure, a dealership service provider, was hit by a data breach in December of last year. The result was that 26GB of private information was downloaded and then shared via hacking forums. The data set hacked included names of addresses, addresses, as well as phone numbers of 3.2 million buyers and sellers, as well as messages sent via email and text messages between traders and their clients vehicles, VINs of their vehicles, and service records. More than 93, 000 bcrypt hashed passwords were made public. Although bcrypt is regarded as stronger than traditional strategies such as MD5 and SHA1, MD5 but the hashes could still be used to brute-force passwords after they have been downloaded, according to Risk Based Security reports.

In a lengthy post on Raidforums the hacker «pompompurin» described the leaked user’s information and files. This is unusual since hackers typically only share valuable segments or trimmed down versions of the databases they have found.

According to CISO Magazine, the database was exposed because of a configuration error in an AWS bucket that visit this site right here was used by the company. The AWS bucket was not secured for months and allowed anyone to access the database and its contents, including over one million unique email addresses, as well as passwords that were stored in plaintext. The passwords were encrypted using the bcrypt.

The breach is a significant concern for those who use drivesure, as they could be victims of identity theft or fraud if their personal details are stolen. Users of the site are advised to change their passwords as fast as possible. In addition, they should think about changing their login details on other sites where they use the same credentials.