Illinois-based car company DriveSure became the victim of a data breach on December 19, 2020, reports Info Security Magazine. The incident exposed the information of around 3.2 million clients, which was posted on a dark web forum.
DriveSure is a car company and car dealership service based in the United States and owned by Krex. CISO Mag states that the company specializes in providing its clients with employee training programs. It also dabbles in customer retention, building customer relationships, and handling client data.
The data security incident was only discovered on January 4, 2021, according to Info Security and as reported by Risk Based Security. A threat actor known as “pompompurin” posted and advertised the files on RaidForums, an underground hacking forum on the dark web.
Based on the findings of Risk Based Security, “One leaked folder totalled 22GB and included the company’s MySQL databases, exposing 91 sensitive databases. The databases range from detailed dealership and inventory information, revenue data, reports, claims, and client data.”
In addition, Risk Based Security found that “the second compromised folder contained 11,474 files in 105 folders and amassed to 5.93GB. Self-identified as ‘parser files,’ they appear to be logs and backups of their databases and contain the same information listed in the previously mentioned SQL databases, adding to the trove of data.”
Apart from these, a separate folder, the third in this incident alone, was also compromised. Spanning 1.56GB, this customer SQL database reportedly contained around 3.2 to 3.3 million email addresses.
Moreover, Info Security Magazine states that the database in question contained 16,000 .mil and .gov email addresses, showing links to government institutions. Around 5,000 of these email addresses were also found to be connected to S&P companies.
Besides the email addresses of 3.2 million customers, names, home addresses, and phone numbers were also compromised in the incident. Customer exchanges, such as texts and emails with the dealerships, and more than 93,000 bcrypt-hashed passwords were also exposed.
Risk Based Security also found that the breach compromised automobile information, including vehicle makes and models. VINs, car service records, dealership records, and damage claims were also found in the database.
Although the passwords were hashed, Risk Based Security maintained that while bcrypt is stronger than algorithms such as SHA1 and MD5, the protection it offers still depends on the strength of the password chosen by the user.
Given the extent of the breach, cybersecurity researchers say that the exposed data could cause harm, giving threat actors material for phishing scams and the like.