You might have used drivesure for training your staff to increase sales and retain customers If you own a vehicle dealership or work in the automotive industry. Millions of customers have supplied their full names, addresses, telephone numbers, email addresses, vehicle VINs, and service records to the company and it appears that some of these accounts were stolen. Late last month, hackers published that information on the Raidforums hacking forum and offered it for free download.
The dump of data was uploaded by a threat-maker known as “pompompurin,” according to Bleeping Computer news service. The motive behind the attack is unclear, but he seemed not to be seeking money as he uploaded the data slowly over time and didn’t demand any money.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These images could be used to carry out spear phishing or phishing attacks.
Security researchers combing the Internet for databases that are not secure have uncovered a http://vpnversed.com/ massive database of information on 3.2 million DriveSure customers. The breach encapsulates 91 MySQL databases that contain extensive dealership and inventory information, revenue data, reports and claims along with PII and 93,063 bcrypt hashed passwords.
The company says it’s working with Microsoft to get the bug fixed. It’s not clear yet what the company’s chances of getting an update to the numerous smaller systems that use the older version of Accellion’s FTA.