The DealerLeads Breach: What You Need to Know…


September 16, 2019


198 million people who were looking for a new car just had their PII data stolen by hackers. The breached database belonged to DealerLeads, an online company that focuses on helping people find their next car.

DealerLeads owns hundreds of different websites, each key-worded to precisely match a customer’s search engine query. They’ve been in business for about 20 years and they’ve been very, very successful according to their website (https://dealerleads.com/).

The breach was discovered by Jeremiah Fowler, a senior security researcher at Security Discovery. In a recent interview with Forbes (which you can read here: https://www.forbes.com/sites/daveywinder/2019/09/15/bought-a-car-recently-198m-car-buyer-records-exposed-in-massive-data-leak/#511981b77391), he said that he had seen the 413GB dataset over and over recently, which finally piqued his interest enough to investigate.

What was leaked?

Oh, golly. Lots and lots.

Names, email addresses, street addresses, phone numbers. You name it. They even nabbed IP addresses. Fowler said he first notified the company on August 19th of this year. After a few days of waiting for a reply, he reached out again by phone.

Fowler said DealerLeads was quick to protect the database with a password after being notified, but it was too late. The damage had been done.

What’s going to happen?

Not sure. That’s still up in the air. DealerLeads still hasn’t made a public announcement regarding the breach or, from what I’ve been able to find, made any sort of outreach to affected customers (both individuals and dealerships).

Conclusion

The Forbes article is worth reading. Here’s the link again: https://www.forbes.com/sites/daveywinder/2019/09/15/bought-a-car-recently-198m-car-buyer-records-exposed-in-massive-data-leak/#511981b77391.

I’d love to say this kind of breach isn’t common, but it is. What’s worse is it’s not even really a breach. The database was left wide open and presented its information willingly to anyone with the knowledge or wherewithal to look for it.

Most of these breaches are caused by either lax security policies or no security policies at all. Companies seem to either totally ignore basic principles or willingly assume the massive risk associated with a breach.

If you think your company might be at risk, or if you’re interested in implementing a better security posture, we’d suggest you check out our Security Advisory Services page and schedule a time to talk with us.


Carl Keyser is the Content Manager at Integris.
