Hackers posted data on 3.2 million customers taken from DriveSure on the Raidforums hacking forum late last month.
To prove the data’s quality, threat actor “pompompurin” detailed the leaked files and user data in a lengthy post, according to researchers at Risk Based Security, who were the first to report the breach.
The lengthy post was unusual in that hackers typically share only important segments or trimmed-down versions of user databases, the researchers wrote, but in this case, numerous backend files and folders were leaked.
DriveSure, a service provider for car dealerships that focuses on employee training programs and customer retention, maintains an abundance of client data. The information exposed included names, addresses, phone numbers, email addresses, IP addresses, automobile makes and models, VIN numbers, car service records and dealership data, damage claims and 93,063 bcrypt hashed passwords. Although security professionals consider bcrypt a strong encryption method relative to older methods such as MD5 and SHA1, it is still susceptible to brute-force attacks depending on the password strength.
The information leaked was prime for exploitation by other threat actors, especially for insurance scams, the researchers said. Cybercriminals can use PII, damage claims, extended vehicle details and dealer and warranty information to target insurance companies and policyholders, as well as break into other valuable platforms like bank accounts, personal email accounts and corporate systems.
The hackers dumped the data on December 19, 2020, Raidforums said, with the researchers discovering the exposed DriveSure databases soon after on Jan. 4.
One leaked folder totaled 22 gigabytes and included the company’s MySQL databases, exposing 91 sensitive databases. The databases range from detailed dealership and inventory information to revenue data, reports, claims and client data.
A second compromised folder contained 11,474 files in 105 folders and totals 5.93 GB. Self-identified as “parser files,” they are most likely logs and backups of the company's databases and contain the same information found in the SQL databases, the researchers said.
This was not the first time that “pompompurin” has exposed databases, said Ivan Righi, cyber threat intelligence analyst at Digital Shadows. The threat actor has leaked seven other databases in 2021, including those from People’s Energy Firm, Photolamus, Travel Oklahoma, MMG Fusion, Bourse des vols, Cash Economics and Wemo Media.
“These breaches are not uncommon on Raidforums, and it bears resemblance to other hacking teams such as ShinyHunters, which exposed close to one billion user records in 2020,” Righi said. “As the data breaches are being offered for free, it is probable that the user is attempting to create a reputation for themselves on the legal forum.”