The personal data of millions of American motorists who sign up to a roadside assistance program offered by drivesure, a company, is made public after a cybercriminal unlawfully hacked the company and dumped multiple sources of its databases on hacking forums. Security vendor Risk Based Security spotted the databases on raidforums cracking forum past due last month and alerted drivesure this week. The databases include names, addresses volumes of cell phones, electronic mails. They also include information on customers’ vehicles, which include their model, production and VIN numbers, along with service records and damage claims. The breach also contained more than 93,000 passwords encrypted with bcrypt that are commonly used to secure the data stored in a secure application. However, these hashes could be forced through brute force if malicious actor is spending a lot of time running scripts against them.
Drivesure is a company that helps car dealerships increase loyalty among customers by leveraging data about their interactions with customers. The Illinois-based firm focuses on employee retention as well as consumer training programs, among others.
Thompson used a vulnerability that was unpatched in the cloud firewall configuration in order to bypass security measures in the company and gain access to data buckets and directories. Thompson then uploaded the stolen data to GitHub and then slowly updated it while she continued her hacking spree. It is not clear if she planned to make a profit from her attack. Other high-profile targets have also been hit over the past few weeks, including unemployment claimants in Washington state who were http://vpnversed.com/board-portal-increases-performance/ snared up in a breach of a third-party software service that was used by the auditor and employees of air charter firm Solairus Aviation.