Your domain registration is pending. Check back in an hour
Posted on Feb 20, 2021

Over Three Million US Drivers Exposed in Data Breach
Phil Muncaster©
UK / EMEA News Reporter , Infosecurity Magazine
Over three million customers of a US car company have had their details compromised after a cyber-criminal posted them to a dark web forum, according to Risk Based Security.

The security vendor spotted multiple databases uploaded to a hacking forum on January 4 this year, although the data dump apparently took place on December 19 2020.

It traced them back to DriveSure, an Illinois-based business owned by car dealership service provider Krex. Its website explains that the firm helps its clients to build strong customer relationships to encourage drivers back to dealerships for vehicle service and unplanned repairs.

On discovering the forum post, Risk Based Security dug deeper to validate the data from multiple databases. This included names, home and email addresses, phone numbers, car and damage details, text and email messages with dealerships, and over 93,000 bcrypt hashed passwords.

Although stronger than SHA1 and MD5, bcrypt could still be brute-forced if password strength is poor, said Risk Based Security.
Contact Us
Message sent. We'll get back to you soon.