DriveSure is actually a training program in order to car dealers to build client loyalty. It has an incredible number of customers that subscribe to their training and course material. They provide their brands, addresses, contact numbers and messages to the internet site.
In 12 2020, DriveSure suffered an information breach which lead to 26GB of personal information getting downloaded and shared on a hacking forum. This kind of included three or more. 6 million unique emails, names, cell phone numbers and physical addresses. Car or truck information was also uncovered including makes, models, VIN numbers and odometer psychic readings.
The cyber criminals made the DriveSure data available for free on multiple hacking forums, so it was freely accessible to any person. The attackers left a 22GB folder which usually contained DriveSure’s MySQL redirected here databases, exposing 91 sensitive databases.
PII was contained in the dump, and damage boasts, extended car details and dealer and warranty info. These were almost all prime intended for exploitation by other danger actors.
More than 93, 000 bcrypt hashed passwords were made public. Even though stronger than SHA1 and MD5, bcrypt passwords can easily still be brute-forced when downloaded from a server, Risk Based Reliability explained.
Aquiring a poor username and password can allow a great attacker to steal your details from the server, so it is very important to transformation them immediately. In addition , a fresh good idea to wipe hard drive on your desktop before disposing of it to avoid any data from becoming accidentally or maliciously open. You can do this by using a data break down method or making a fresh installing of the main system.