DriveSure Data Breach

DriveSure is mostly a training system in order to car dealerships to build client loyalty. It has many customers that subscribe to their training and course material. They provide their labels, addresses, telephone numbers and e-mails to the site.

In 12 , 2020, DriveSure suffered an information breach which lead to 26GB of private information staying downloaded and shared on a hacking forum. This included 3. 6 million unique email addresses, names, contact numbers and physical addresses. Vehicle information was also subjected including makes, models, VIN numbers and odometer readings.

The hackers made the DriveSure data available for no cost on multiple hacking discussion boards, so it was freely attainable to any person. The attackers left a 22GB folder which contained DriveSure’s MySQL databases, subjecting 91 very sensitive databases.

PII was contained in the dump, along with damage demands, extended car details and dealer and warranty details. These were each and every one prime pertaining to exploitation by other threat actors.

Over 93, 500 bcrypt hashed passwords were also made public. Though stronger than SHA1 and MD5, bcrypt passwords can easily still be brute-forced when downloaded from a server, Risk Based Security explained.

Creating a poor username and password can allow a great attacker of stealing important computer data from the machine, so it could be important to improve them at the earliest opportunity. In addition , a fresh good idea to wipe hard drive on your pc before disposing of it to avoid any data from currently being accidentally or perhaps maliciously subjected. You can do this by using a data destruction application or setting up a fresh installation of the operating system.