Drivesure, a car dealership service provider, was the victim of a data breach in December that led to 26GB of private information being downloaded and distributed on hacking forums. The data set hacked included names addresses, addresses, and phone numbers of 3.2 million customers and also texts and emails between clients and traders as well as vehicle VINs and service records. More than 93, 000 bcrypt passwords have been made public. While bcrypt hashes are considered superior to older methods such as SHA1 and MD5, they can still be brute forced after downloading, according to Risk Based Security.
In a lengthy post on Raidforums, hacker “pompompurin” provided details of the leaked user information and files. This is unusual since hackers usually share only valuable portions or reduced versions of databases they’ve found.
The database was exposed as a result of a misconfiguration error in an AWS bucket used by the company, according to CISO Magazine. The AWS bucket was left unprotected, which allowed anyone to gain access to it and its contents. This included more than one million email addresses in plaintext, as well passwords that were encrypted using bcrypt.
The breach is a major concern for those who use drivesure, because they are more likely to be victims of identity theft or fraud if their details are stolen. Users vpnversed.com/data-rooms-comparison-for-the-best-choice/ of the site are advised to change their passwords as soon as they can. They should also consider changing their login credentials on other websites using the exact same credentials.
