Drivesure, a provider of car dealership services, was hit with a data breach last December, which resulted in 26GB of private information being downloaded and shared on forums for hackers. The data set hacked included names, addresses, and telephone numbers of 3.2 million customers, as well as texts and emails between traders and their clients vehicles, VINs of their vehicles, and service records. Also, more than 000 hashed passwords for bcrypt were released. While bcrypt hashes are considered superior to traditional methods such as SHA1 and MD5 but they are able to be used for brute force after downloading, according to Risk Based Security.
Hacker «pompompurin» detailed the leak of user data and files in a lengthy blog post on Raidforums. This is unusual, as hackers typically only share valuable parts or cut-down versions of databases they have found.
According to CISO Magazine, the database was exposed because of a configuration error in an AWS bucket used by the company. The AWS bucket had been left unprotected, which allowed anyone to access the contents and data. This included more than one million email addresses stored in plain text, as well as passwords encrypted using Bcrypt.
Drivesure users should be concerned about the breach, since they may become victims of identity theft or fraud when their personal information is stolen. Users of the site are advised to change their passwords as fast as possible. They should also consider changing their login credentials on other websites that require the exact same credentials.