Seleccionar página

Drivesure, a car dealership service provider, experienced an attack on its database in December of last year. The result was that 26GB of private data was downloaded and shared on hacking forums. The data set that was hacked contained names of addresses, phone numbers and addresses of 3.2 million buyers and also text messages and emails between traders and their customers VINs of vehicles and service records. Also, more than 000 hashed bcrypt passwords were released. While bcrypt is considered stronger than other strategies, such as MD5 and SHA1, MD5 but the hashes could still be used to brute-force passwords after they are downloaded, Risk Based Security reports.

In a long post on Raidforums the hacker «pompompurin» described the information leaked by users and files. This is atypical, since hackers usually only share valuable parts or trimmed-down versions the databases that they have found.

The database was accessed because of a misconfiguration error in an AWS bucket used by the company according to CISO Magazine. The AWS bucket had been left unprotected, allowing anyone to gain access to it and its contents. This included over one million email addresses in plaintext, as were passwords that were encrypted using bcrypt.

The breach is of major worry for those who utilize drivesure, because they are at risk of becoming victims of identity theft or fraud when their information is stolen. Anyone who uses the site should change their passwords immediately. They should also consider changing their login credentials on other websites using the same credentials.