DriveSure, a corporation that helps car dealerships sell and hold customers, possessed 3. two million consumer records released this month. Online hackers illegally obtained the data and posted this to multiple hacking discussion boards. The data was offered at no cost and included names, handles, phone numbers and emails along with vehicle VIN numbers, documents and damage promises. The data also included information from large company accounts and military contact information.

The attackers released a 22GB folder that comprised of the DriveSure MySQL databases, which uncovered 91 very sensitive databases. The database dump was accompanied by PII, damage cases, expanded car specifics and seller and guarantee info and also 93, 500 bcrypt hashed account details, Risk Established Reliability explained in a writing on January 4. Although security advisors consider bcrypt visit this site right here safer than SHA1 or MD5, it can be brute-forced with sufficient calculating power.

The attackers circulated the repository in Raidforums later last month beneath the username “pompompurin. ” They will wrote a lengthy post to explain why they were being paid the data, a behavior that is uncommon meant for hackers. Commonly, they simply share worthwhile segments or trimmed straight down versions of user databases.