If you’re a car dealership owner or work in the automotive industry, it’s likely you’ve used a tool called drivesure to help train your employees to market and keep customers. Many customers have submitted their full names, addresses, telephone numbers emails, addresses, vehicle VINs and service records to the service and it’s believed that a few of those accounts were stolen. Hackers made public the details on the Raidforums forum in the last week and offered it for free.
According to Bleeping Computer, the data dump was uploaded by a malicious agent known as «pompompurin». The attacker’s motivation is unknown. However it appears that he didn’t appear to be seeking money since the files were uploaded in a slow manner and did not ask for payment.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked «backup» and in a separate http://vpnversed.com/board-portal-increases-performance/ folder called «AccreditationPhotos.» Those photos could be used to phish and spear phishing attempts.
Security researchers searching the Internet for databases that aren’t secure have uncovered an enormous database of data on 3.2 million DriveSure customers. The breach involves 91 MySQL database that includes detailed inventory and dealership information, revenue data, reports and claims as well as PII, and 93 063 Bcrypt hashed credentials.
The company has said it’s working with Microsoft to get the bug fixed. It’s unclear if the company can get a patch to the many smaller systems that are using the old version of Accellion’s FTA.