After a cybercriminal hacked the company and dump multiple databases onto hacking forums, the personal details of millions of American car owners who signed up to a roadside assistance program provided by drivesure is now accessible online. A researcher from the security vendor Risk Based Security discovered the raidforums database on the cracking forums overdue last month, and informed Drivesure of the issue this week. The databases contain names, deal with cell phone numbers, electronic mails, as well as information about vehicles owned by customers which include their model, VIN number and production. The breach also included 93,000 bcrypt passwords that are typically used to protect the data stored by secure software. These passwords remain possible to be manipulated if an attacker spends a long time running scripts on them.
Drivesure is a service company that assists car dealerships in building customer loyalty by leveraging information redirected here about their interactions with customers. The Illinois-based company concentrates on employee retention as well as consumer training programs, among other things.
Thompson exploited the vulnerability in the cloud firewall configuration to circumvent security measures in place at the company and access data buckets and folders. She then uploaded her stolen data on GitHub and gradually updated the information as she continued to hack. The question of whether she was trying to make money from the attack is unclear. In the last few weeks, other notable targets were also targeted. These included Washington State unemployment claimants that were affected by a security breach that occurred in the third-party service that was used by an auditor, as well as employees of air charter company Solairus Aviation.
Leave a Reply
Want to join the discussion?Feel free to contribute!