DriveSure is known as a training platform in order to car stores to build consumer loyalty. It has millions of customers that subscribe to its training and course material. They provide their titles, addresses, phone numbers and emails to the internet site.

In December 2020, DriveSure suffered a data breach which triggered 26GB of personal information becoming downloaded and shared on a cracking forum. This included three or more. 6 million unique email addresses, names, telephone numbers and physical addresses. Motor vehicle information was also subjected including makes, models, VIN numbers and odometer psychic readings.

The hackers made the DriveSure data available for free of charge on multiple hacking community forums, so it was freely attainable to any person. The attackers left a 22GB folder which contained DriveSure’s MySQL databases, revealing 91 hypersensitive databases.

PII was as part of the dump, along with damage cases, extended car details and dealer and warranty data. These were each and every one prime for exploitation simply by other hazard actors.

More than 93, 500 bcrypt hashed passwords were also made public. Though stronger than SHA1 and MD5, bcrypt passwords could be brute-forced when downloaded from a server, Risk Based Reliability explained.

Developing a poor username and password can allow an attacker to steal your details from the server, so is considered important to improve them as soon as possible. In addition , a fresh good idea to wipe hard drive on your computer system before getting rid of it in order to avoid any data from currently being accidentally or maliciously open. You can do this with a data destruction application or creating a fresh installation of the os.

Leave a Reply

Your email address will not be published. Required fields are marked *