If you’re a dealership owner or in the automotive industry, chances are you’ve used a service called drivesure to train your employees to help them sell and retain customers. Many customers have provided their full names, address, phone numbers, emails, vehicle VINs, and service records to this service and it’s believed that some of these accounts have been stolen. Hackers made public the details on the Raidforums forum in the last week and provided it for free.
The dump of data was uploaded by a threat actor known as “pompompurin,” according to Bleeping Computer news service. The attacker’s motive is unknown however, he appeared not to be seeking money as the data was uploaded in a slow manner and didn’t solicit any payment.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These images could be used in spear attack on phishing or other phishing.
Researchers looking on the Internet for poorly protected databases discovered a massive database with information on 3.2 million DriveSure clients. The breach includes more than 91 MySQL databases that include detailed dealership and inventory information as well as revenue data, reports and claims as well as PII and 93,063 hashed passwords in bcrypt.
The company says it’s working with Microsoft to get the flaw fixed. It’s not clear yet whether the company will be able to get an update to the numerous smaller systems which use the older version Accellion’s FTA.