DriveSure is known as a training platform that helps car dealers to build consumer loyalty. It has millions of customers that subscribe to the training and course material. They feature their brands, addresses, telephone numbers and emails to the site.

In December 2020, DriveSure suffered a data breach which ended in 26GB of personal information getting downloaded and shared on a hacking forum. This included three or more. 6 mil unique emails, names, cell phone numbers and physical addresses. Automobile information was also subjected including makes, models, VIN numbers and odometer readings.

The online hackers made the DriveSure info available for free of charge on multiple hacking discussion boards, so it was freely available to anyone. The attackers dumped a 22GB folder which usually contained DriveSure’s MySQL databases, subjecting 91 hypersensitive databases.

PII was within the dump, along with damage cases, extended car details and dealer and warranty facts. These were most prime with regards to exploitation by other threat actors.

Above 93, 000 bcrypt hashed passwords were also made public. Though stronger than SHA1 and MD5, bcrypt passwords can easily still be brute-forced when downloaded from a server, Risk Based Secureness explained.

Getting a poor security password can allow an attacker to steal your computer data from the machine, so is important to change them immediately. In addition , it’s a good idea to wipe hard drive on your computer system before disposing of it to stop any info from simply being accidentally or perhaps maliciously uncovered. You can do this employing a data devastation program or creating a fresh installation of the main system.