Drivesure Data Breach
You may have used drivesure to help your staff increase sales and retain customers when you own a car dealership or work in the automotive industry. Thousands of customers have provided their full names, addresses, phone numbers emails, addresses, vehicle VINs and service records to the service and it’s been reported that some of those accounts were http://vpnversed.com/the-benefits-of-ai-based-data-software-and-how-its-different-from-traditional-one/ hacked. Last month, hackers published that information on the Raidforums hacking forum, allowing the information for download for free.
According to Bleeping Computer, the data dump was uploaded by a threat actor known as “pompompurin”. The motive behind the attack is unclear however, he appeared not to be in search of money since he uploaded the data in a slow manner and didn’t request any payments.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” The photos could be used to perpetrate phishing and spear phishing attempts.
Researchers searching the Internet for databases with weak security discovered a massive database containing information on 3.2 million DriveSure clients. The breach affects 91 MySQL database that contains detailed inventory and dealership details including revenue data, claims and reports, as well as PII, and 93 063 bcrypt hashed credentials.
The company claims it’s working with Microsoft to get the issue fixed. It’s not known whether the company will be able to get a patch to the many smaller systems which use the earlier version of Accellion’s FTA.