DriveSure is mostly a training system that helps car stores to build buyer loyalty. It has an incredible number of customers that subscribe to the training and course material. They give their titles, addresses, contact numbers and electronic mails to the site.
In Dec 2020, DriveSure suffered a data breach which led to 26GB of personal information being downloaded and shared on a hacking forum. This included four. 6 million unique emails, names, phone numbers and physical addresses. Car information was also exposed including makes, models, VIN numbers and odometer readings.
The cyber criminals made the DriveSure info available for free on multiple hacking community forums, so it was freely available to any person. The attackers broke up with a 22GB folder which will contained DriveSure’s MySQL is Windscribe safe databases, subjecting 91 sensitive databases.
PII was as part of the dump, and damage cases, extended car details and dealer and warranty data. These were all of the prime meant for exploitation by simply other risk actors.
More than 93, 000 bcrypt hashed passwords were made public. Even though stronger than SHA1 and MD5, bcrypt passwords can still be brute-forced when downloaded from a server, Risk Based Secureness explained.
Aquiring a poor username and password can allow an attacker to steal your data from the hardware, so is considered important to alter them as quickly as possible. In addition , it’s a good idea to wipe the hard drive on your hard drive before getting rid of it to avoid any data from currently being accidentally or maliciously uncovered. You can do this simply using a data break down software or making a fresh installation of the os.