DriveSure, a business that helps car dealerships offer and save customers, acquired 3. 2 million client records released this month. Cyber criminals illegally acquired the data and posted it to multiple hacking forums. The data was offered free of charge and included names, details, phone numbers and emails and also vehicle VIN numbers, documents and damage remarks. The data included as well information by large company accounts and military tackles.

The attackers released a 22GB file that composed of the DriveSure MySQL databases, which revealed 91 delicate databases. The database drop was accompanied by PII, harm cases, expanded car particulars and seller and warranty info and over 93, five-hundred bcrypt hashed account details, Risk Structured Reliability explained in a blog post on January 4. Whilst security professionals consider bcrypt more secure than SHA1 or MD5, it can still be brute-forced with sufficient computer power.

The attackers released the database on Raidforums late last month underneath the username “pompompurin. ” That they wrote an extensive post to explain how come they were submitting the data, a behavior honestly, that is uncommon meant for hackers. Commonly, they just share valuable segments or trimmed straight down versions of user databases.