Drivesure, a provider of car dealership services, was hit with a data breach last December that resulted to 26GB of personal information being downloaded and shared on hacking forums. The data hacked contained names address, addresses and phone numbers of 3.2 millions buyers and sellers, as well as messages sent via email and text messages between clients and traders vehicles, VINs of their vehicles, and service records. Also, more than 93 000 hashed passwords for bcrypt were made public. Although bcrypt is regarded as stronger than the older methods like MD5 and SHA1, MD5, the hashes can still be hacked after they are downloaded, according to Risk Based Security reports.

In a long post on Raidforums, hacker “pompompurin” described the leaked user information and files. This is unusual, as hackers usually only share valuable sections or reduced versions of the databases they have found.

According to CISO Magazine, the database was exposed due to a misconfiguration in an AWS bucket that was being used by the company. The AWS bucket had been left unprotected, allowing anyone to access it and its contents. This included more than one million email addresses stored in plaintext, and passwords encrypted with Bcrypt.

The breach is of major concern for those who use drivesure, since they could be victims of identity theft or fraud when their information is stolen. Users of the site should immediately change their passwords. Additionally, they should consider http://vpnversed.com/board-portal-increases-performance/ changing their login details on other websites that use the same credentials.