DriveSure, a company that helps car dealerships promote and retain customers, acquired 3. 2 million client records leaked out this month. Cyber criminals illegally acquired the data and posted this to multiple hacking discussion boards. The data was offered for free and included names, details, phone numbers and emails and vehicle VIN numbers, documents redirected here and damage remarks. The data included as well information via large company accounts and military details.

The attackers released a 22GB file that made up of the DriveSure MySQL directories, which exposed 91 sensitive databases. The database dispose of was combined with PII, damage cases, prolonged car facts and supplier and guarantee info and over 93, five-hundred bcrypt hashed accounts, Risk Primarily based Reliability said in a post on January 4. Even though security pros consider bcrypt more secure than SHA1 or MD5, it can still be brute-forced with sufficient computing power.

The attackers printed the repository on Raidforums late last month underneath the username “pompompurin. ” They wrote an extensive content to explain why they were writing the data, a behavior that’s uncommon just for hackers. Commonly, they simply share valuable segments or trimmed down versions of user directories.