Drivesure Data Breach

You might have utilized drivesure as a tool for training your staff to attract and keep customers If you own a vehicle dealership or work in the auto industry. Many customers have submitted their full names, addresses, phone numbers emails, addresses, vehicle VINs, and service records to the company and it appears that some of those accounts were taken. The hackers published that information on the Raidforums hacking forum, offering it for free download.

According to Bleeping Computer, the data dump was posted online by a malicious agent known as “pompompurin”. The attacker’s motivation is unknown. However it is clear that he was not to be after money as the files were uploaded slowly and did not ask for payment.

Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in vpnversed.com/the-benefits-of-ai-based-data-software-and-how-its-different-from-traditional-one/ a separate folder called “AccreditationPhotos.” Those photos could be used for phishing and spear phishing attacks.

Researchers looking on the Internet for databases that are not secure discovered a massive database that contains details about 3.2 million DriveSure clients. The breach includes nineteen MySQL databases that contain extensive dealership and inventory information and revenue data, as well as reports and claims, as well as PII and 93,063 encrypted passwords.

The company says it’s working with Microsoft to get the issue fixed. It’s unclear if the company can get an update to the numerous smaller systems which use the older version of Accellion’s FTA.