Drivesure, a car dealership service provider, was hit with a data breach last December that led to 26GB of personal information being downloaded and shared on hacking forums. The stolen data set included names of addresses, phone numbers and addresses of 3.2 million customers as well as text message and emails between buyers and sellers vehicles, VINs of their vehicles and service records. More than 93, 000 Bcrypt hashed passwords were released. While bcrypt is considered stronger than other strategies, such as SHA1 and MD5, the hashes can still be hacked once they have been downloaded, according to Risk Based Security reports.
In a lengthy post on Raidforums the hacker “pompompurin” provided details of the leak of user information and files. This is unusual because hackers usually share only valuable portions or reduced versions of the databases they have uncovered.
The database was exposed as a result of a misconfiguration error in an AWS bucket that was used by the company according to CISO Magazine. The AWS bucket was left unprotected, which allowed anyone to access the contents and data. This included over 1 million email addresses in plain text, as well as passwords encrypted using bcrypt.
The breach is a major worry for those who utilize drivesure because they are at risk of becoming victims of identity theft or fraud when their information is stolen. Those who use the site should immediately change their passwords. They should also think about changing their login credentials on other websites where they use the exact same credentials.
vpnversed.com/the-benefits-of-ai-based-data-software-and-how-its-different-from-traditional-one/