Drivesure, a provider of car dealership services, suffered a data infringement last December that led to 26GB of private information getting downloaded and distributed on hacking forums. The stolen data set contained names as well as addresses and phone numbers of 3.2 million buyers as well as text message and emails between the customers of the traders vehicles, VINs of their vehicles and service records. More than 93, 000 Bcrypt passwords have been made public. Although bcrypt is believed to be stronger than the older methods like SHA1 and MD5 but the hashes could still be hacked once they are downloaded, according to Risk Based Security reports.
Hacker “pompompurin” disclosed the leaked user data and files in a lengthy post on Raidforums. This is unusual as hackers usually only share important fragments or reduced versions of the databases they have discovered.
The database was leaked because of a configuration issue in an AWS bucket that was used by the company, according to CISO Magazine. The AWS bucket was left unprotected for a period of time and anyone was able to access the database and its contents, including more than one million unique email addresses as well as passwords stored in plaintext and secured using the bcrypt.
The breach is a major concern for people who use drivesure, since they are at risk of becoming victims of identity fraud or theft in the event that their personal information is stolen. Anyone who uses the site should immediately change their passwords. They should also think about changing their login credentials on other websites that require the exact same credentials.
vpnversed.com/data-room-software-for-creating-companies-wealth/
Leave a Reply