The DealerLeads Breach: What You Need to Know…


September 16, 2019


198 million people who were looking for a new car just had their PII data stolen by hackers. The breached database belonged to DealerLeads, an online company that focuses on helping people find their next car.

DealerLeads owns hundreds of different websites, each key-worded to precisely match a customer’s search engine query. They’ve been in business for about 20 years and they’ve been very, very successful according to their website (https://dealerleads.com/).

The breach was discovered by Jeremiah Fowler, a senior security researcher at Security Discovery. In a recent interview with Forbes (which you can read here: https://www.forbes.com/sites/daveywinder/2019/09/15/bought-a-car-recently-198m-car-buyer-records-exposed-in-massive-data-leak/#511981b77391), he said that he had seen the 413GB dataset over and over recently, which finally piqued his interest enough to investigate.

What was leaked?

Oh, golly. Lots and lots.

Names, email addresses, street addresses, phone numbers. You name it. They even nabbed IP addresses. Fowler said he first notified the company on August 19th of this year. After a few days of waiting for a reply, he reached out again by phone.

Fowler said DealerLeads was quick to protect the database with a password after being notified, but it was too late. The damage had been done.

What’s going to happen?

Not sure. That’s still up in the air. DealerLeads still hasn’t made a public announcement regarding the breach or, from what I’ve been able to find, made any sort of outreach to affected customers (either individuals or dealerships).

Conclusion

The Forbes article is worth reading. Here’s the link again: https://www.forbes.com/sites/daveywinder/2019/09/15/bought-a-car-recently-198m-car-buyer-records-exposed-in-massive-data-leak/#511981b77391.

I’d love to say this kind of breach isn’t common, but it is. What’s worse is it’s not even really a breach. The database was left wide open and presented its information willingly to anyone with the knowledge or wherewithal to look for it.

Most of these breaches are caused by either lax security policies or no security policies at all. Companies seem to either totally ignore basic principles or willingly assume the massive risk associated with a breach.

If you think your company might be at risk, or if you’re interested in implementing a better security posture, we’d suggest you check out our Security Advisory Services page and schedule a time to talk with us.


Carl Keyser is the Content Manager at Integris.
