
If you’re a car dealership owner or work in the automotive industry, it’s likely you’ve used a program called DriveSure to help train your employees on how to attract and keep customers. Many customers gave this service their full names, addresses, phone numbers and email addresses, as well as the VINs of their vehicles and their service records, and it’s believed that some of these accounts were hacked. Late last month, hackers posted that information on the Raidforums hacking forum, offering the data as a free download.

According to Bleeping Computer, the data dump was posted online by a malicious actor known as “pompompurin”. The attacker’s motive is unknown; however, he did not appear to be seeking money, as the data was uploaded slowly and no payment was requested.

Moreover, the hacker also published images of passports and identity documents belonging to journalists and volleyball players from all over the world, in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These images could be used to carry out phishing or spear-phishing attacks.

Researchers searching the Internet for poorly protected databases discovered a massive database containing information on 3.2 million DriveSure clients. The breach includes nineteen MySQL databases containing extensive inventory and dealership information, revenue data, reports and claims, as well as PII and 93,063 bcrypt-hashed passwords.

The company claims to be working with Microsoft to have the flaw fixed. It’s not yet clear whether the company can issue a patch for the many smaller systems that run the older version of Accellion’s FTA.