No Comments

Drivesure Data Breach Revealed

After a cybercriminal hacks the company, and dump multiple sources of its databases onto hacking forums, the personal information of millions American motorists who signed up to a roadside services program that drivesure offers is now available online. A researcher from the security vendor Risk Based Security discovered the raidforums database on the cracking forums past due last month, and alerted Drivesure this week. The databases include names, deal with the numbers of cell phones, electronic mails, as well as information about vehicles owned by customers such as their model, VIN numbers and the produce. The breach also included 93,000 bcrypt passwords, which are commonly used to secure the data stored by secure applications. However, these passwords could be forced by brute force if a criminal is able to run scripts against them.

Drivesure provides services that helps car dealers build loyalty to their customers by using information about their interactions. The Illinois-based company concentrates on employee retention and consumer training programs, among other things.

Thompson exploited the vulnerability in the cloud firewall configuration to get around vpnversed.com/ security measures that are in place at the company and access folders and data buckets. Thompson then uploaded her stolen data on GitHub and then gradually updated the information as she continued to hack. It is not clear if she planned to make a profit from her attack. In the past few weeks, other prominent targets were also targeted. These included Washington State unemployment claimants who were affected by a security breach in a third-party service that was used by an auditor, as well as employees of air charter company Solairus Aviation.

Comments (0)