If you’re a car dealership proprietor or work in the automotive industry, it’s likely you’ve used a tool called drivesure to train your employees to sell and retain customers. Many customers gave their full names, address number, phone numbers, emails as well as VINs of their vehicles and service records to this service and it’s believed that some of these accounts were taken. Hackers posted the information on the Raidforums forum late last month and provided it for free.
The dump of data was published by a threat actor identified as “pompompurin,” according to Bleeping Computer news service. The motive of the attacker is not known. However, he did not seem to be after money as the files were uploaded slowly and did not solicit payment.
Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” The photos could be used to phish and spear phishing attempts.
Researchers looking on the Internet for databases with weak security discovered a massive database with details about 3.2 million DriveSure clients. The breach involves 91 MySQL database that contains detailed inventory and dealership details as well as revenue data, claims and reports, as well as PII, and 93 063 Bcrypt hashed credentials.
The company claims to be working with Microsoft to correct the flaw. It’s unclear if the company can get an update for the many smaller systems running the older version of Accellion’s FTA software.