http://vpnversed.com/data-room-software-for-creating-companies-wealth/ Drivesure, a car dealership service provider, suffered a data infringement last December that resulted to 26GB of private information being downloaded and shared on forums for hackers. The hacked data set included names, addresses and phone numbers of 3.2 million customers as well as text message and email messages between buyers and sellers vehicles,
http://vpnversed.com/data-room-software-for-creating-companies-wealth/
Drivesure, a car dealership service provider, suffered a data infringement last December that resulted to 26GB of private information being downloaded and shared on forums for hackers. The hacked data set included names, addresses and phone numbers of 3.2 million customers as well as text message and email messages between buyers and sellers vehicles, VINs of their vehicles and service records. Also, more than 000 hashed passwords for bcrypt were made public. Although bcrypt is believed to be stronger than traditional strategies such as SHA1 and MD5, the hashes can still be brute-forced after they are downloaded, Risk Based Security reports.
In a lengthy blog post on Raidforums, hacker “pompompurin” explained the leaked user information and files. This is unusual, as hackers typically only share valuable sections or reduced versions of the databases that they have found.
According to CISO Magazine, the database was exposed because of a configuration error in an AWS bucket that was utilized by the company. The AWS bucket was left unprotected for months, which allowed anyone to access the database and its contents, including more than one million unique email addresses, as well as passwords stored in plaintext and secured using the bcrypt.
Drivesure users should be worried about the breach since they could be victims of identity theft or fraud if their information is stolen. Users of the site should immediately change their passwords. Also, they should think about changing their login information on other sites which use the same credentials.
Leave a Comment
Your email address will not be published. Required fields are marked with *