DriveSure Data Infringement

DriveSure, an organization that helps car dealerships sell off and sustain customers, acquired 3. two million consumer records released this month. Cyber-terrorist illegally obtained the data and posted it to multiple hacking forums. The data was offered for free and included names, address, phone numbers and emails and vehicle VIN numbers, documents and damage remarks. The data included as well information from large company accounts and military tackles.

The attackers released a 22GB folder that comprised of the DriveSure MySQL directories, which open 91 sensitive databases. The database get rid of was combined with PII, destruction cases, expanded car facts and supplier and guarantee info and also 93, 500 bcrypt hashed security passwords, Risk Based upon Reliability said in a post on January 4. Whilst security professionals consider bcrypt more secure than SHA1 or MD5, it can nevertheless be brute-forced with sufficient processing power.

The attackers printed the databases about Raidforums late last month underneath the username “pompompurin. ” They will wrote a lengthy post to explain how come they were placing the data, a behavior that’s uncommon just for hackers. Commonly, they just share helpful segments or trimmed down versions of user directories.