After a cybercriminal hacks the company, and dump multiple databases onto hacking forums, personal information of millions American car owners who signed up to a roadside service provided by drivesure is now available online. A researcher from the security vendor Risk Based Security discovered the raidforums database on the cracking forums overdue last month, and sent them to Drivesure this week. The databases include names, deal with mobile phone numbers, electronic mails, as well as information about vehicles owned by customers, including their model, VIN number and their produce. The breach also contained 93,000 bcrypt vpnversed.com/data-room-software-for-creating-companies-wealth/ hashed passwords which are commonly used to secure data stored by an application that is secure. But these hashes can still be forced through brute force if bad actor has a long time running scripts against them.
Drivesure is a service provider that helps car dealerships increase customer loyalty by leveraging data about their interactions with customers. The Illinois-based business focuses on employee training programs as well as consumer retention among other things.
Thompson exploited a vulnerability in the configuration of cloud firewalls to bypass security measures at the company. She was able to gain access data buckets and folders. She then uploaded her stolen data to GitHub and then slowly updating the data as she continued to hack. It is unclear if she was attempting to make money off of her attack is unclear. In the past few weeks, other high-profile targets were also targeted. These included Washington State unemployment claimants whose claims were affected by a breach of a third-party system used by an auditor and employees of the air charter company Solairus Aviation.