DriveSure is mostly a training platform that helps car stores to build customer loyalty. It has lots of customers that subscribe to its training and course material. They supply their titles, addresses, telephone numbers and email messages to the web page.

In Dec 2020, DriveSure suffered an information breach which resulted in 26GB of personal information getting downloaded and shared on a hacking forum. This kind of included 5. 6 million unique emails, names, phone numbers and physical addresses. Car or truck information was also exposed including makes, models, VIN numbers and odometer blood pressure measurements.

The cyber-terrorist made the DriveSure data available for cost-free on multiple hacking community forums, so it was freely available to any person. The attackers dumped a 22GB folder which in turn contained DriveSure’s MySQL databases, disclosing 91 hypersensitive databases.

PII was contained in the dump, and damage demands, extended car details and dealer and warranty info. These were pretty much all prime meant for exploitation by other risk actors.

More than 93, 000 bcrypt hashed passwords were also made public. Even though stronger than SHA1 and MD5, bcrypt passwords could be brute-forced when downloaded from a server, Risk Based Security explained.

Having a poor username and password can allow a great attacker of stealing your details from the web server, so it may be important to modify them at the earliest opportunity. In addition , it’s a good idea to wipe hard drive on your pc before getting rid of it in order to avoid any data from staying accidentally or perhaps maliciously subjected. You can do this by using a data break down method or building a fresh installing of the main system.