Drivesure Data Breach Revealed

The personal details of millions of American motorists who sign up to an assistance program for roadside emergencies offered by drivesure, a company, is being made available online after a cybercriminal hacked the firm and dumped a variety of sources of its databases on forums for hackers. A security researcher from the vendor Risk Based Security discovered the raidforums database on the cracking forums past due last month, and sent them to Drivesure this week. The databases include names, deals with the volume of cellular phone calls and electronic mails as well as data about vehicles of customers, which includes their make, model and VIN numbers, along with service records and damage claims. The breach also contained 93,000 passwords encrypted with bcrypt, which are used to protect information stored by secure software. These passwords remain possible to be manipulated if an attacker runs scripts for hours on them.

Drivesure is a service provider that assists car dealerships in building loyalty among customers by leveraging data about their interactions with customers. The Illinois-based business concentrates on employee training programs as well as consumer retention among other things.

Thompson exploited the vulnerability in the cloud firewall configuration to bypass security measures in place at the company and access folders and data buckets. She then uploaded her stolen data on GitHub and gradually updated the information as she continued to hack. Whether she was trying to make money from her attack isn’t clear. In the last few weeks, several other prominent targets were also targeted. This included Washington State unemployment claimants whose claims were affected by a security breach that occurred in the third-party service that was used by an auditor, as well as employees of air charter company Solairus Aviation.