Over Three Million US Drivers Exposed in Data Breach
Posted February 3, 2021
- Over three million customers of a US car company have had their details compromised after a cyber-criminal posted them to a dark web forum.
- It traced them back to DriveSure, an Illinois-based business owned by car dealership service provider Krex. Its website explains that the firm helps its clients to build strong customer relationships to encourage drivers back to dealerships for vehicle service and unplanned repairs.
- Multiple databases were uploaded to a hacking forum on January 4 this year, although the data dump apparently took place on December 19 2020.
- Although stronger than SHA1 and MD5, bcrypt could still be brute-forced if password strength is poor, said Risk Based Security.
- “One leaked folder totalled 22GB and included the company’s MySQL databases, exposing 91 sensitive databases. The databases range from detailed dealership and inventory information, revenue data, reports, claims,and client data,” Risk Based Security explained.
– Phil Muncaster | February 3, 2021