Comments (0)
Drivesure Data Breach
Drivesure, a car dealership service provider, suffered a data infringement last December that resulted in 26GB of private information being downloaded and distributed on forums for hackers. The data set hacked included names address, addresses and phone numbers of 3.2 million buyers as well as emails and text messages between the clients of traders VINs of vehicles, as well as service records. Also, more than 000 hashed bcrypt passwords were released. Although bcrypt hashes are deemed more secure than traditional strategies like SHA1 or MD5, they can still be brute forced after downloading, reports Risk Based Security.
Hacker “pompompurin” disclosed the leaked files and user information in a lengthy post on Raidforums. This is unusual as hackers usually share only valuable parts or cut-down versions of databases they have discovered.
The database was leaked because of a configuration issue in an AWS bucket that was used by the company according to CISO Magazine. The AWS bucket had been left unprotected, which allowed anyone to gain access to the contents and data. This included more than one million email addresses in plaintext, as were passwords that were encrypted using the bcrypt encryption method.
The breach is of major worry for those who utilize drivesure, as they are likely to be victims of identity theft or fraud in the event that their personal information is stolen. Users of the site should immediately change their passwords. In addition, they should think about changing their login credentials on other sites that use the same credentials.
Recent Posts
Recent Comments
Archives
- April 2024
- January 2024
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- September 2015
- July 2015
LEAVE A REPLY
Your email address will not be published. Required fields are marked *