ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

DriveSure Data Breach

drivesure.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 3,675,099
Breach date 19 Dec 2020
Added to tracker 10 May 2021
Data classes 6

What happened

In December 2020, the car dealership service provider DriveSure suffered a data breach. The incident resulted in 26GB of data being downloaded and later shared on a hacking forum. Impacted personal information included 3.6 million unique email addresses, names, phone numbers and physical addresses. Vehicle data was also exposed and included makes, models, VIN numbers and odometer readings. A small number of passwords stored as bcrypt hashes were also included in the data set.

Exposed data

Email addresses Names Passwords Phone numbers Physical addresses Vehicle details

Recommended actions

  • Change your DriveSure password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing DriveSure โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP