After a cybercriminal illegally hack the company, and then dump multiple sources of its databases on hacking forums, the personal details of millions vpnversed.com/board-portal-increases-performance/ of American automobile owners who enrolled to a roadside service provided by drivesure is now accessible online. A security vendor researcher Risk Based Security spotted the databases on the raidforums cracking forum past due last month and reported them to drivesure this week. The databases contain names, addresses the numbers of cell phones, electronic mails, as well as information about the vehicles of customers which include their model, VIN number and their produce. The breach also included over 93,000 passwords encrypted with bcrypt that are generally used to protect data stored by an application that is secure. These passwords remain susceptible to brute force attacks if a hacker spends days running scripts on them.
Drivesure is a provider of services that helps car dealerships build loyalty among customers by leveraging data about their interactions with customers. The company is based in Illinois and focuses on employee retention as well as consumer training programs, in addition to other things.
Thompson exploited a vulnerability in the configuration of cloud firewalls to bypass the security measures at the company and access data buckets and folders. Thompson then uploaded her stolen data to GitHub and then gradually updated the information as she continued to hack. Whether she was trying to make money off of her attack isn’t clear. In the past few weeks, other high-profile targets were also targeted. These included Washington State unemployment claimants, who were impacted by a security breach in an external service utilized by an auditor and employees of air charter company Solairus Aviation.