Researchers recently discovered a database containing data on DriveSure clients, posted on RaidForums by a frequent poster named “pompompurin”. The data was posted on December 19th and was discovered on January 4th. Typically, threat actors post only the important and worthwhile data, but this dump contained everything that could be accessed. It is believed that over three million people could be affected by the exposure of the data, which includes names, addresses, phone numbers, email addresses, IP addresses, car makes and models, VIN numbers, car service records and dealership records, damage claims and 93,063 bcrypt hashed passwords.
The user responsible for leaking the data, pompompurin, is known to post databases and has posted seven already this year. Those included People’s Energy Company, Photolamus, Travel Oklahoma, MMG Fusion, Bourse des vols, Capital Economics and Wemo Media. “These breaches are not uncommon on Raidforums, and it bears resemblance to other hacking groups such as ShinyHunters, which exposed close to one billion user records in 2020,” said Ivan Righi from Digital Shadows. “As the data breaches are being offered for free, it is likely that the user is attempting to build a reputation for themselves on the criminal forum.”
Binary Defense Counterintelligence analysts regularly monitor forums, including RaidForums, for any information that may have been stolen from clients, so that they can provide advance warning and investigate to obtain more details. Information that was accessed from this database would make it easy for threat actors to carry out insurance scams. Users who have been affected should change their passwords as soon as possible and make sure passwords are not being reused. Phishing attempts are also likely to increase, so any suspicious emails from unknown senders should not be responded to, especially if they ask for additional personal information.