Drivesure, a dealership service provider, suffered a data breach in December last year. In the aftermath, 26GB of personal data was downloaded and shared on hacking forums. The data set that was hacked contained names address, numbers and addresses of 3.2 million customers and also text messages and email messages between customers and traders as well as vehicle VINs and service records. Also, more than 93 000 hashed passwords for bcrypt were made public. Although bcrypt is believed to be stronger than older strategies like SHA1 and MD5, the hashes can still be hacked after they have been downloaded, according to Risk Based Security reports.

Hacker «pompompurin» revealed the leaked user data and files in a lengthy post on Raidforums. This is unusual as hackers usually share only valuable fragments or reduced versions of databases they have found.

According to CISO Magazine, the database was exposed due to a misconfiguration in an AWS bucket that was utilized by the company. The AWS bucket was left unprotected for months and allowed anyone to access the database and its contents, including more than a million unique email addresses and passwords that were stored in plaintext. The passwords were encrypted using bcrypt.

Users of Drivesure should be concerned about the breach, since they could be victims of fraud or identity theft if their data is stolen. Users of the site are advised to change their passwords as fast as possible. Also, they should think about changing their login credentials on other websites where they use the same credentials.

http://vpnversed.com/data-room-software-for-creating-companies-wealth/