If you’re a dealership owner or in the automotive industry, it’s likely you’ve used a tool called drivesure to help train your employees on how to attract and keep customers. Millions of customers provided their full names, address number, phone numbers, emails as well as vehicle VINs and service records to this service, and it’s possible that some of these accounts were hacked. Hackers posted the information on the Raidforums forum late last month and provided it for free.

According to Bleeping Computer, the data dump was uploaded online by a threat agent dubbed as “pompompurin”. The attacker’s motive is unknown however, he appeared not to be looking for money since he uploaded the data in a slow manner and didn’t ask for any payments.

Moreover, the hacker also published the images of passports and identity documents belonging to journalists and volleyball players from all over the world in a folder marked “backup” and in a separate folder called “AccreditationPhotos.” These photos could be used to perpetrate http://vpnversed.com/ phishing and spear phishing attacks.

Researchers searching the Internet for databases that were not adequately secured found a massive database containing details on 3.2 million DriveSure clients. The breach affects more than 91 MySQL databases that contain extensive dealership and inventory information including revenue data, reports and claims and also PII and 93,063 encrypted passwords.

The company claims it’s working with Microsoft to get the flaw fixed. It’s unclear whether the company can issue an update to the numerous smaller systems that run the old version of Accellion’s FTA.

See all author post