After a cybercriminal hacks the firm, and dump numerous databases of the firm onto hacking forums, personal data of millions of American car owners who subscribed to a roadside assistance program offered by drivesure is now available online. A researcher at security vendor Risk Based Security spotted the databases on the raidforums forum for cracking past due last month and reported them to drivesure this week. The databases contain names, addresses, cellular phone volumes and electronic mails. There is also information on cars of customers which includes their model, produce and VIN number vpnversed.com/ as well as service records and damage claims. The breach also contained 93,000 passwords that were encrypted using bcrypt. These are usually used to protect the data stored in a secure application. But these passwords can be manipulated by brute force if a bad actor has a long time running scripts against them.
Drivesure is a provider of services that assists car dealerships in building loyalty to their customers by using data about their interactions with customers. The Illinois-based business concentrates on employee education programs and consumer retention, among other things.
Thompson exploited a cloud firewall configuration vulnerability to circumvent security measures within the company and gain access folders and data buckets. She then uploaded the stolen data to GitHub and then slowly updated it while she continued her hacking spree. It is unclear if she was attempting to earn money from her attack is not clear. In the past few weeks, other prominent targets were also targeted. This included Washington State unemployment claimants that were affected by a breach in a third-party service used by an auditor as well as employees of the air charter company Solairus Aviation.