0936211399 HOTLINE You may have utilized drivesure as a tool for training your staff to increase sales and retain customers If you own a vehicle dealership or work in the automotive industry. Many customers have provided their full names, addresses number, phone numbers, emails along with vehicle VINs and service records to this service, and it’s believed that some of these accounts have been stolen. Hackers posted the information on the Raidforums forum late last month and provided it for free.
According to Bleeping Computer, the data dump was uploaded by a threat agent dubbed as “pompompurin”. The motive behind the attack is unclear but it appears that he wasn’t to be in search of money since he uploaded the data slowly over time and didn’t demand any money.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” Those photos could be used to phish and spear phishing attacks.
Researchers searching the Internet for poorly protected databases discovered a massive database that contains details about 3.2 million DriveSure clients. The breach involves 91 MySQL database that contains extensive inventory and dealership data as well as revenue data, claims and reports and also PII, and 93 063 Bcrypt hashed credentials.
The company claims it’s working with Microsoft to get the flaw fixed. It’s not clear yet whether the company will be able to get a patch to the many smaller systems that run the old version of Accellion’s FTA.
