The personal details of millions of American car owners who subscribe to a roadside emergency assistance program offered by the firm Drivesure were made public after a cybercriminal hacked the firm and dumped several of its databases on hacking forums. A security researcher from the vendor Risk Based Security discovered the databases on the RaidForums cracking forum late last month, and informed Drivesure of the issue this week. The databases contain names, addresses, phone numbers and emails, as well as information about the customers' vehicles, including make, model and VIN, along with service records and damage claims. The breach also contained 93,000 passwords hashed with bcrypt, a function that secure software uses to protect stored data. These passwords remain susceptible to brute-force attacks if a hacker spends days running scripts on them.

Drivesure is a service provider that helps car dealers build customer loyalty by using information about their interactions. The Illinois-based firm focuses on employee retention and consumer training programs, among other things.

Thompson used an unpatched vulnerability in the cloud firewall configuration to circumvent the company's security measures and gain access to directories and data buckets. Thompson then uploaded her stolen data onto GitHub, and slowly changed the information as she continued to hack. Whether she was attempting to make money from the attack isn't clear. In the last few weeks, other notable targets were also hit. These included Washington State unemployment claimants, who were affected by a security breach in a third-party system used by an auditor, and employees of the air charter company Solairus Aviation.