The personal data of millions of American car owners who subscribe to an assistance program for roadside emergencies offered by drivesure, a company, is available online after a cybercriminal unlawfully hacked the firm and dumped a variety of sources of its databases on hacking forums. A security vendor researcher Risk Based Security spotted the databases on raidforums cracking forum past due last month and reported them to drivesure this week. The databases include names, addresses the numbers of cell phones, electronic mails as well as details about vehicles owned by customers which include their VIN number, model and production. The breach also contained more than 93,000 bcrypt hashed passwords which are commonly used to secure the data stored in a secure application. These hashes are still vulnerable to brute force if an attacker spends a long time running scripts on them.

Drivesure is a supplier of services that aid dealers in building customer loyalty by utilizing data on their interactions. The business, based in Illinois, focuses on employee training programs as well as consumer retention among other things.

Thompson exploited an unpatched vulnerability in the cloud firewall configuration in order to bypass security measures within the company, and gain access to data buckets and directories. Thompson then uploaded her stolen data onto GitHub, and slowly updating the data as she continued to hack. It is unclear if she intended to make money through her attack. In the last few weeks, other notable targets were also targeted. They included Washington State unemployment claimants whose claims were affected by a breach in the third-party service that was used by an auditor, as well as employees of air charter company Solairus Aviation.

Leave a Reply

Your email address will not be published. Required fields are marked *