If you’re a dealer owner or are in the automotive industry, it’s likely you’ve used a program called drivesure to train your employees to sell and retain customers. Millions of customers have provided their full names, addresses and phone numbers, as well as emails, vehicle VINs, and service records to this service, and it’s been reported that some of these accounts were taken. Late last month, hackers posted that information on the Raidforums hacking forum, allowing the data for download for free.
The data dump was shared by a threat actor referred to as “pompompurin,” according to Bleeping Computer news service. The attacker’s motivation is unknown. However it appears that he didn’t appear to be after money as the files were uploaded slowly and did not solicit payment.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These photos vpnversed.com/windscribe-review/ could be used in spear attack of phishing or phishing.
Researchers looking on the Internet for poorly protected databases found a massive database containing information about 3.2 million DriveSure clients. The breach involves more than 91 MySQL databases that contain extensive dealership and inventory information as well as revenue data, reports and claims, as well as PII and 93,063 bcrypt hashed passwords.
The company claims it’s working with Microsoft to get the flaw fixed. It’s not known if the company can get a patch for the many smaller systems that are using the older version of Accellion’s FTA.