Drivesure Data Breach

Drivesure, a car dealership service provider, was hit with a data breach last December that resulted in 26GB of private information being downloaded and distributed on forums for hackers. The stolen data set contained names of addresses, phone numbers and addresses of 3.2 million buyers and also text messages and email messages between customers and traders VINs of vehicles and service records. More than 93, 000 Bcrypt passwords that were hashed were also released. Although bcrypt is regarded as stronger than older strategies like MD5 and SHA1, MD5 The hashes can still be used to brute-force passwords after they are downloaded, according Risk Based Security reports.

In a long post on Raidforums, hacker “pompompurin” explained the leaked user information and files. This is atypical, since hackers typically only share valuable portions or cut-down versions of the databases they’ve found.

According to CISO Magazine, the database was exposed because of a configuration error in an AWS bucket that was used by the company. The AWS bucket was left unprotected, which allowed anyone to access it and its contents. This included more than 1 million email addresses in plaintext, as were passwords secured using Bcrypt.

Drivesure users should be worried about the breach since they could be the victims of fraud or identity theft in the event that their personal information is stolen. Those who use the site must change their passwords as soon as possible. They should also think about changing their login credentials on other websites using the same credentials.