March 7, 2021

TerabitWeb Blog

Fascinating Technology and Security Information

DriveSure DataBreach Exposes Almost 3.3 Million Email address, VIN #s, and other PII of Dealership Customers and Other Important Auto Information

2 min read

DriveSure aka Krex,Inc is a Car Dealer Support company that helps Automotive Dealerships by offering preventive maintenance products and services that make the customer experience of going to the dealership more attractive.
They offer Training for the Dealership Employees, Roadside Assistance, Road Hazard Tire Protection, Emergency Rental car coverage, and Personalized Customer engagement
The personalized engagement uses Mail, email, mobile app, and text messages to communicate and give reminders to the dealership’s customers.
On January 4, 2021, RiskBased Security found a Post on the DarkWeb claiming to be a dump of DriveSure and turned out to be a database 22GB in size. There was also published a 6 GB group of Backups and parser files from Krexinc.
The Hackers on the DarkWeb posted information about the databases and included large samples of data. The data consisted of fields such as
Names, Addresses, Phone numbers, Email addresses, IP addresses, car makes and models, VIN numbers, Car service records and car dealership records, Damage claims, 93,063 bcrypt hashed passwords, and Text and email messages between the dealerships and clients.
Of the samples, the researchers at Riskbased Security found 3.28 million unique email addresses.
When browsing to the DriveSure Website…
You will notice there is No notification of Breach on DriveSure’s Main Website or on their blog.
However, when RiskBased Security Reported the Breach to DriveSure; leadership of the company responded promptly that they are investigating the incident.
This is Still a developing story …

Copyright © All rights reserved. | Newsphere by AF themes.