Drivesure Data Breach Revealed
The personal data of millions of American car owners who subscribe to an assistance program for roadside emergencies offered by the drivesure company is made public after a hacker illegally breached the firm and smuggled multiple vpnversed.com/board-portal-increases-performance/ sources of its databases on forums for hackers. A security vendor researcher Risk Based Security spotted the databases on the raidforums forum for cracking past due last month and reported them to drivesure this week. The databases contain names, deal with mobile phone numbers, electronic mails, as well as information about vehicles owned by customers such as their model, VIN numbers and their produce. The breach also contained more than 93,000 encrypted passwords using bcrypt, which are generally used to protect data stored by an application that is secure. These hashes are still possible to be manipulated if an attacker runs scripts for hours on them.
Drivesure provides services that help car dealers build loyalty to their customers by utilizing data on their interactions. The Illinois-based company concentrates on employee retention and customer training programs, among others.
Thompson used a vulnerability that was unpatched in the cloud firewall configuration to circumvent security measures at the company, and gain access to data buckets and directories. She then uploaded her stolen data on GitHub and then gradually updated the information as she continued to hack. It is not clear if she planned to make a profit from her hacking spree. In the last few weeks, other high-profile targets were also targeted. This included Washington State unemployment claimants who were affected by a breach of a third-party system utilized by an auditor and employees of the air charter company Solairus Aviation.