Drivesure Car Dealership Info Breach

Com­pa­nies that pro­vide soft­ware or per­haps prod­ucts to oth­er web based often vuner­a­ble to data removes. This is true of how­ev­er, largest busi­ness­es. How­ev­er , small­er com­pa­nies like car deal­ers that rely on spe­cial­ized solu­tions to run their very own busi­ness could find them­selves at a greater expo­sure to pos­si­ble hack­ing attacks. 

One such com­pa­ny, dri­vesure, which pro­vides ser­vices for car deal­er­ships to help these groups build cus­tomer loy­al­ty, knowl­edge­able a break that remain­ing the infor­ma­tion of about 3. a cou­ple of mil­lion peo­ple avail­able online. The attack hap­pened last Decem­ber, and the stolen info set includ­ed names, home address­es, tele­phone num­bers, text mes­sages and emails between deal­ers and the cus­tomers, VINs of auto­mo­biles and ser­vice records as well as over 93, 1000 Bcrypt hashed pass­words. Though bcrypt is regard­ed as vir­tu­al col­lab­o­ra­tion soft­ware safer than old­er meth­ods just like MD5 and SHA1, it may still be brute forced with regards to an extend­ed time peri­od when you will find no safe­guards in place, cor­re­spond­ing to pro­tec­tion ven­dor Risk Based Security. 

Hack­ers sub­mit­ted the data­bas­es on Raid­fo­rums hack­ing forums late last month, accord­ing to Bleep­ing Pc. The con­tent report­ed­ly includ­ed mul­ti­ple direc­to­ries of infor­ma­tion files, includ­ing those from back­end for the company’s MySQL data­bas­es that exposed 91 sen­si­tive direc­to­ries rang­ing from in-depth car deal­er­ship and inven­to­ry infor­ma­tion to rev­enue info, reports, promis­es and client data.