October 12th, 2023
Author: Simon Schaffer
Drivesure Data Breach
If you’re a car dealer owner or are in the automotive industry, chances are you’ve used a service called drivesure to help train your employees to help them sell and retain customers. Millions of customers have supplied their full names, addresses, telephone numbers and email addresses, as well as their vehicle VINs and service records to the company and it’s possible that some of those accounts were stolen. Late last month, hackers posted the information on the Raidforums hacking forum and offered it for download at no cost.
According vpnversed.com/ to Bleeping Computer, the data dump was uploaded online by a threat agent dubbed as “pompompurin”. The motives of the attacker are not clear. However the attacker did not appear to be in search of money, as he uploaded the files slowly and didn’t ask for payment.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These photos could be used to carry out spear attack on phishing or other phishing.
Security researchers searching the Internet for databases that aren’t secure have discovered massive databases of information on 3.2 million DriveSure customers. The breach affects nineteen MySQL databases that include detailed inventory and dealership details and revenue data, as well as reports and claims, as well as PII and 93,063 bcrypt encrypted passwords.
The company says it’s working with Microsoft to get the bug fixed. But it’s not clear whether the company will be able to get an update for the various smaller systems that are running the older version of Accellion’s FTA software.
The utopian dreams of Russian-style cybernetic communism could only be turned into everyday reality within the made-in-the-USA global village.
