Dealer Leads, a Marketing Firm, Exposes 198 Million Car Buyer Records

Ever thought about how your personal information can be exposed by the simplest of means? Most of you probably never gave it a thought while buying your much-awaited car. You were occupied with the excitement of the purchase, and a breach of your personal data was the last thing on your mind.

Cybersecurity is in the spotlight yet again, and its effectiveness is in question, after the exposure of customer data belonging to a staggering 198 million people. This is shocking and raises the question of whether information security measures matter at all to these companies.

The breach was identified on 19th August by Jeremiah Fowler, a senior security researcher and communication specialist. At first, it was difficult to identify the source. The shocking part is that the dataset was encountered several times during the week, so there is no way to measure how many unauthorized people accessed it.

After researching and reviewing multiple domains, Fowler was able to trace the source of the leak. It was identified as “Dealer Leads”, an online marketing firm that provides support to dealerships around the U.S. As part of its services, it maintains a database that carries information on prospective car buyers.

On 20th August, when he found out that the records were publicly accessible, he sent multiple emails to Dealer Leads. They went unanswered. Because reporting the exposure was crucial, he finally called the company.

He was able to reach the General Sales Manager. According to Fowler, the manager was concerned and professional, and took immediate steps to restrict public access after the notification.

What is at stake?

Fowler found that the data sat in an elastic database that had been left open. It could be viewed in any web browser, which meant anyone with an internet connection could access it.

How harmful this leak of personal information is depends on who accessed it. How long the database was accessible is undetermined, which raises a lot of concern about security protection.

The IP addresses, pathways, ports, and even the storage information were easily accessible, with no restriction whatsoever. The data was not password protected and amounted to a massive 413 GB. It contained highly detailed information, such as:

  • Names, phone numbers, email IDs, and street addresses
  • Potential car buyers' information
  • Log data along with IP addresses of visitors
  • Information about vehicles for sale
  • Loan and finance inquiries
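
The exposure described above, an open database reachable from any browser without a password, comes down to a handful of server settings. The following added example (not from the article or from Dealer Leads) assumes the "elastic database" was an Elasticsearch node configured with flat dotted keys in `elasticsearch.yml`; it flags a public bind address combined with disabled authentication, and both sample configs are constructed.

```python
# Added example (not from the article); WEAK and HARDENED are constructed samples.
import ipaddress

WEAK = """
cluster.name: leads-prod          # constructed name
network.host: 0.0.0.0
xpack.security.enabled: false
"""
HARDENED = """
cluster.name: leads-prod
network.host: 10.0.4.12
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines. Nested YAML is not handled (assumption)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def binds_publicly(host):
    # Elasticsearch's special values: _local_ / _site_ stay internal, _global_ does not.
    if host in ("_local_", "_site_", "localhost"):
        return False
    if host in ("_global_", "0.0.0.0", "::"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # unknown hostname: treat as exposed until reviewed
    return not (ip.is_loopback or ip.is_private)

def audit(text):
    s = parse_flat_yaml(text)
    findings = []
    if binds_publicly(s.get("network.host", "_local_")):
        findings.append("PUBLIC_BIND")
    # Security defaults differ between major versions, so require explicit settings.
    if s.get("xpack.security.enabled", "").lower() != "true":
        findings.append("NO_AUTH")
    if s.get("xpack.security.http.ssl.enabled", "").lower() != "true":
        findings.append("NO_TLS")
    return {"findings": findings, "critical": {"PUBLIC_BIND", "NO_AUTH"} <= set(findings)}

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

A `critical` result means the node answers on a public interface with no credentials required, which is the condition the article describes.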

Cyber-attacks have become more rampant than ever as we become more technology-driven in how we store our data. PII (Personally Identifiable Information), in simple language, is a database consisting of personal data of the general public. It can be used for personal benefit or for deceiving customers.

Various social media platforms and companies sell such databases for hundreds and thousands of dollars. This can be done under a legal process that also guarantees the data will not be used unethically or misused. Large marketing firms are the main buyers of such databases. They have teams of data scientists and researchers who help them devise strategies for better sales.

What can be done?

Time and again, attackers target multiple organizations, some of them big multinational companies (MNCs). The question that arises is: is it possible to avoid all this loss of money, time, and resources?

  • As an Organization:

Well, there is a solution. There are many risk management solutions that can be implemented. You must conduct regular IT assessments and IT security audits of your InfoSec network. If it is feasible, you can set up a separate division in your company that takes care of compliance services and cybersecurity services.

For most companies, however, it is not possible to allocate a budget for such human resources. Does that mean they should just hope that they are not attacked? No, you can easily hire virtual CISO services that are equally dexterous and help you counter any and all potential attacks.

BizzSecure is one cybersecurity service provider that, with years of experience, has devised strategies and methods to cater to the needs of every company, small or big. They have built a team of remarkable cybersecurity experts. The BizzSecure team efficiently carries out vulnerability scanning and penetration testing for your network.

This analysis and reporting give you an in-depth picture of what is lacking. Moreover, they can help you create a network that is guarded against all attacks. As important as it is to be protected, it is also necessary to be aware. Protecting the information and data of your clients and customers is your responsibility.

BizzSecure focuses on three things: automation of your network, completeness, and visibility. They implement this by providing GRC solutions customized to your requirements. Cybersecurity consulting can be very beneficial for you.

  • As a Customer:

There are some basic practices you can follow to ensure the safety of your personal information. 

  • Whenever you provide confidential personal information to a company, always ascertain that they guarantee to safeguard it and have made proper provisions to do so.
  • Many companies carry out affiliate marketing. Your data must be protected in all situations.
