DriveSure Data Infringement

DriveSure, an organization that helps car dealerships sell off and retain customers, experienced 3. 2 million consumer records released this month. Hackers illegally acquired the data and posted this to multiple hacking message boards. The data was offered for free and included names, handles, phone numbers and emails and also vehicle VIN numbers, service records and damage statements. The data also included information by large corporate accounts and military contact information.

The attackers released a 22GB folder that made up of the DriveSure MySQL sources, which subjected 91 delicate databases. The database dispose of was combined with PII, destruction cases, expanded car facts and supplier and guarantee info and over 93, five-hundred bcrypt hashed account details, Risk Based Reliability explained in a blog post on January 4. While security advisors consider bcrypt safer than SHA1 or MD5, it can nevertheless be brute-forced with sufficient computing power.

The attackers shared the repository Click Here on Raidforums late last month within the username “pompompurin. ” They wrote a lengthy content to explain as to why they were writing the data, a behavior that is uncommon meant for hackers. Commonly, they only share important segments or perhaps trimmed straight down versions of user sources.