Major Data Leak: 198 Million Car Buyer's Information Breached
Cyber-attacks are so common now that it’s less of a surprise each time it happens. It comes down to how large will the attack be and to what industry this time. In this recent attack, 198 million records from an online car buyer marketing database were revealed. After some detective work was done by a senior security researcher at Security Discovery, the 413GB data set showed up several times. The researched eventually traced back the data to lead generation site dealerleads.com. DealerLead was described on LinkedIn as "the largest auto conversion vendor in four years according to Google Analytics" According to DealerLeads website, the company has “collected and purchased areas related to popular cars based on search terms used by car buyers,” for 20 years.
What information was exposed in the database?
The information exposed in the database included names, e-mail addresses, phone numbers, street addresses, and other specific information displayed on the public Internet in plain text. The security researcher pointed that data such as IP addresses, ports, routes and storage information can be exploited too by cyber criminals to navigate through the network.
What happened next?
- On August 19, the security researcher has discovered the dealaerlead connection, he reported the issue of 198 million records from the online car buyer database leak and non-protected passwords.
- On August 20, the database was still online and available for anyone to explore it. After talking to the sales manager, who was concerned about the security of information getting into the public, the database issue was solved.
Why do attacks continue to happen to cloud based companies?
Most companies are not prepared enough in the fight against cyber-attacks. Cloud based data companies provides an easier way to store and retrieve huge amounts of data. Once data is accessible through the internet, the risk of it being breached increases. Certain types of data, like financial and personally identifiable information (PII), are available for hackers to compromise due to their value on the black market. There is no certainty that the data is safe from a cyber-attack, but it is each organization’s due diligence to implement the best cybersecurity protection to make it more difficult for hackers. Although the cloud has many benefits, most organizations remain hesitant to relay all their information to the cloud due to increased security concerns.
RB Advisory is Here to Help
When thinking about cybersecurity, there is no one size fits all approach. Each organization has its unique cybersecurity needs. RB Advisory is here to give you a complete cybersecurity evaluation and program to ensure the highest level of cyber protection. It starts from the basics of password and antivirus protection to the development of complete cybersecurity programs that will protect company data, detect and address the cyber breaches, educate on cybersecurity awareness, and give you peace of mind to operate your business safely.