Car dealership provider drivesure experienced a data infringement last December that left 26GB of private info downloaded and shared upon hacking message boards. The online hackers dumped multiple databases that contains names, address, phone numbers, email messages between stores and buyers and automobile details including makes, models, VIN volumes, documents, destruction claims and service records. Additionally , over 93, 500 bcrypt hashed accounts were also released. The passwords are cryptographically secure, but simply because they use bcrypt hashes (which are much better than SHA1 and MD5) attackers can still brute-force them to gain access.

The cybercriminal known as “pompompurin” published the databases in Raidforums hacking forum late last month. The database data files contained email usernames, email addresses and passwords. The menace actor as well provided comprehensive descriptions in the leaked directories and individual information, corresponding to secureness vendor Risk Based Security, which earliest spotted the info dump.

The database of nearly 3 million Drivesure subscribers comprises of personal and financial data like license quantities, credit card accounts and commercial lender statements. It might be used for personal information theft, scams and other illegal activities. The hack is another example of how info breaches can happen when small businesses use thirdparty software. The recent exergue of SolarWinds, Washington State’s auditor and Wind River Systems is another. These companies will be among the ones that sell software program to help huge organizations copy large data files. Smaller businesses utilize these thirdparty programs to regulate their inside networks and computers. In spite of the best efforts of these companies to protect all their customer data, they are weak.