Drivesure, a car dealership service provider, experienced a data breach in December last year. As a result, 26GB of private information was downloaded and shared on hacking forums. The data hacked contained names addresses, addresses, and phone numbers of 3.2 millions of buyers and also texts and emails between clients and traders as well as vehicle VINs and service records. More than 93, 000 bcrypt hashed passwords were released. While bcrypt is thought to be more secure visit this page than other strategies, such as MD5 and SHA1, MD5 The hashes can still be brute-forced after they are downloaded, according Risk Based Security reports.
In a lengthy blog post on Raidforums the hacker “pompompurin” described the leaked user’s information and files. This is unusual since hackers usually only share important fragments or reduced versions of the databases they have discovered.
According to CISO Magazine, the database was exposed because of a configuration error in an AWS bucket that was utilized by the company. The AWS bucket had been left unprotected, which allowed anyone to gain access to the contents and data. This included more than one million email addresses stored in plaintext, as well passwords that were encrypted using bcrypt.
The breach is a serious issue for those who use drivesure, because they are more likely to be victims of identity theft or fraud when their information is stolen. Users of the site are advised to change their passwords as fast as they can. They should also think about changing their login credentials on other websites using the same credentials.