US car company DriveSure has suffered from a data breach in which three million of its customers were exposed. A cybercriminal has posted the data to a dark web forum, according to Risk Based Security. On January 4, Risk-Based Security found that multiple databases were uploaded to a hacking forum. It then traced the information back to DriveSure, which is based in Illinois and owned by dealership service provider Krex. According to their site, the company helps clients to build strong customer relationships and encourages vehicle owners to bring the automobile back to the dealership for service.
The information exposed in the breach includes names, home and email addresses, phone numbers, car and damage details, texts and emails with dealerships, and roughly 93,000 bcrypt hashed passwords. The range of data appeared to be extensive, as one leaked folder contained 22GB of data that included revenue data, reports, claims, and more client data. The multiple troves of information all trace back to DriveSure, however, it is unclear how the cybercriminals first accessed the data.
Read More: Over Three Million US Drivers Exposed in Data Breach
