Seite wählen

If you’re a dealer owner or in the automotive industry, it’s likely you’ve used a service called drivesure to help train your employees on how to attract and keep customers. Millions of customers provided their full names, addresses and phone numbers, as well as emails along with vehicle VINs and service records to this service and it’s believed that some of these accounts were hacked. Hackers released the information on the Raidforums forum in the last week and then offered it to the public for free.

According to Bleeping Computer, the data dump was made public by a threat agent known as „pompompurin“. The motives of the attacker are not clear. However, he did not seem to be looking for money as the files were uploaded slowly and did not ask for payment.

Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked „backup“ and in a separate folder called „AccreditationPhotos.“ Those photos could be used for phishing and spear phishing attacks.

Security researchers searching the Internet for poorly secured databases have discovered a massive database of information on 3.2 million DriveSure customers. The breach involves 91 MySQL database that contains extensive inventory and dealership information and revenue data, as well as claims and reports as well as PII, and 93 063 bcrypt hashed credentials.

The company says it’s working with Microsoft to get the bug fixed. It’s not known whether the company will be able to get an update to the numerous smaller systems that are using the older version of Accellion’s FTA.