You might have utilized drivesure as a tool for training your staff to sell and retain clients in the event that you own a car dealership or work in the automotive industry. Many customers gave their full names, addresses telephone numbers, email addresses as well as VINs of their vehicles and service records to this service and it’s believed that some of these accounts were hacked. Hackers released the information on the Raidforums forum in the last week and offered it for free.
The data dump was shared by a threat-maker known as “pompompurin,” according to Bleeping Computer news service. The motive behind the attack is unclear. However, he did not seem to be looking for money as the files were uploaded slowly and did not ask for payment.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These images could be used to perpetrate phishing and spear phishing attacks.
Researchers searching the Internet for databases that are not secure found a massive database containing information about 3.2 million DriveSure clients. The breach affects 91 MySQL database, which contains detailed inventory and dealership data, revenue data, claims and reports along with PII and 93 063 bcrypt hashed credentials.
The company claims to be working with Microsoft to correct the flaw. However, it’s not certain if the company can get a patch for the many smaller systems running the older version of Accellion’s FTA software.