Drivesure, a car dealership service provider, was the victim of a data hack in December that resulted in 26GB of private information getting downloaded and shared on hacking forums. The stolen data set contained names address, numbers and addresses of 3.2 million buyers and also text messages and email messages between customers and traders vehicles, VINs of their vehicles and service records. More than 93, 000 bcrypt passwords have been released. Although bcrypt is regarded as stronger than other strategies, such as MD5 and SHA1, MD5 but the hashes could still be hacked after they have been downloaded, according to Risk Based Security reports.

In a lengthy blog post on Raidforums the hacker “pompompurin”, detailed http://vpnversed.com/board-portal-increases-performance/ the leaked user’s information and files. This is unusual, considering that hackers typically only share important sections or reduced versions of the databases they have found.

The database was exposed because of a configuration error in an AWS bucket that was used by the company according to CISO Magazine. The AWS bucket was left unprotected, which allowed anyone to gain access to the contents and data. This included more than one million email addresses in plaintext, and passwords encrypted using bcrypt.

The breach is a major issue for those who use drivesure, because they are likely to be victims of identity theft or fraud if their details are stolen. Those who use the site should change their passwords immediately. They should also think about changing their login credentials on other websites where they use the same credentials.