Did DealerBuilt DMS Really Get Hacked?

[Jlewis74]

I know a few dealers on this DMS and they got letters about it.

 

[ryan.gerardi]

Agreed.

The silence of DealerBuilt is understandable, but the silence of the automotive press is strange given all of the attention to data security in automotive retail over the past 10 years.

@Stauning maybe Auto News is still investigating? Or maybe DealerBuilt advertises with Auto News? Ha!

 

[jeffwhite]

Keep in mind they are on the radar of the big 3 DMSs....I can only imagine who is responsible if you received the article from one of their reps.

 

[Tomvv]

I don't think DealerBuilt was targeted in this at all. This appears to just be negligence on the backup and transfer of the data. Regardless of who found the it, we should be glad it was exposed and is now fixed. People look for vulnerabilities like this all the time.

 

[craigh]

I don't think DealerBuilt was targeted in this at all. This appears to just be negligence on the backup and transfer of the data. Regardless of who found the it, we should be glad it was exposed and is now fixed. People look for vulnerabilities like this all the time.

This is exactly how this works.
Servers are automatically scanned and tested for things like this.
They were transferring insecure backups over the default rsync ports between servers.
They didn't make it difficult to find - I've got dozens of servers and those ports get pried at and poked at 100 times a day.

 

[jeffwhite]

Agreed, dealerships are BIG targets simply for the data they house and use. I was just saying consider the source, we have all seen what "fake news" can do to a reputation.