After a cybercriminal hacked the firm and dumped multiple of its databases on hacking forums, personal details of millions of American car owners who signed up for a roadside service that DriveSure offers are now available online. A researcher at security vendor Risk Based Security spotted the databases on the RaidForums cracking forum late last month and informed DriveSure of the issue this week. The databases include names, addresses, cell phone numbers and email addresses. There is also information on customers' vehicles, including make, model and VIN, as well as service records and damage claims. The breach also included 93,000 bcrypt-hashed passwords; bcrypt is commonly used to secure data stored by applications. These passwords can still be cracked if an attacker is able to run scripts against them for days.
DriveSure is a service company that helps car dealerships increase customer loyalty by leveraging data about their interactions with customers. The Illinois-based company focuses on employee training programs and consumer retention, among other things.
Thompson exploited an unpatched flaw in the cloud firewall configuration to bypass security measures within the company and gain access to data buckets and directories. She then uploaded the stolen data to GitHub and slowly updated it while she continued her hacking spree. It is unclear whether she intended to earn money from her hacking spree. Other prominent targets have been hit over the past few weeks, including unemployment claimants in Washington state, who were caught in a breach of an external software application used by the auditor, and employees at air charter company Solairus Aviation.