Drivesure, a provider of car dealership services, suffered a data infringement last December that led to 26GB of private data being downloaded and shared on hacking forums. The stolen data set contained names address, numbers and addresses of browse around these guys 3.2 million customers and also text messages and emails between buyers and sellers, vehicle VINs and service records. In addition, more than 93 000 hashed passwords for bcrypt were released. While bcrypt is thought to be more secure than the older methods like MD5 and SHA1, MD5, the hashes can still be brute-forced after they have been downloaded, according to Risk Based Security reports.
Hacker “pompompurin” described the leaked data and user details in a lengthy blog post on Raidforums. This is unusual, considering that hackers usually only share valuable segments or trimmed-down versions of the databases they’ve discovered.
The database was exposed because an error in configuration in an AWS bucket used by the company according to CISO Magazine. The AWS bucket was left unprotected, allowing anyone to gain access to the contents and data. This included more than a million email addresses in plain text, as well as passwords encrypted using Bcrypt.
Drivesure users should be concerned about the breach, as they could be victims of fraud or identity theft when their personal information is stolen. Users of the site are advised to change their passwords as soon as they can. Additionally, they should consider changing their login information on other websites using the same credentials.
