Drivesure Data Breach
Car dealership service provider drivesure was the victim of a data breach in December, which resulted in 26GB of private data being downloaded and shared on hacking forums. The stolen data set included names of addresses, phone numbers and addresses of 3.2 million customers as well as text messages and email messages between buyers and sellers, vehicle VINs and service records. Also, more than 93 000 hashed passwords for bcrypt were released. While bcrypt hashes can be considered superior to traditional methods such as SHA1 and MD5 However, they could be used to force brute-force after downloading, according to Risk Based Security.
In a long post on Raidforums the hacker "pompompurin", detailed the leaked user information and files. This is unusual, as hackers usually only share important fragments or reduced versions of the databases they have uncovered.
According to CISO Magazine, the database was exposed due to a mistake in an AWS bucket that was being used by the company. The AWS bucket had been left unprotected, allowing anyone to access it and its contents. This included more than one million email addresses stored in plain text, as well as passwords encrypted with Bcrypt.
Drivesure users should be concerned about the breach as they may become victims of identity theft or fraud if their data is stolen. Those who use the site should change their passwords immediately. They should also consider changing their login credentials on other websites using the same credentials.drivesure data breach