Has ELeads been hit with a cyber attack?

[Jeff Kershner]

The latest update:

LATEST CDK COMMUNICATION:

No new CDK Updates have been sent since the one sent at 7am and 9am today (see below).

BEWARE: We have received credible reports indicating a rise in fraudulent calls where individuals impersonate CDK support personnel in an attempt to solicit end user credentials. CDK employees do not request credentials under any circumstances.

This practice in the world of cyber-crime is known as social engineering, the use of deception to manipulate individuals into divulging sensitive information that may be used for fraudulent purposes. Continue to remain vigilant and do not reveal your credentials to anyone.

Should you encounter actions like this, immediately report the incident to your leadership as well as OWL Automotive. It is vital to report, to further increase awareness. Please do this by opening an OWL support ticket.

REMINDERS:

1. Ensure you and members of your team remain logged out of CDK applications until further notice.
   1. CDK, CDK Service, Common Admin, Drive, eLeads, eForms, eSign, Fortellis, MyInstall Dealer Portal
2. The total scope and impact of CDK’s cyber incident is unknown, so anything you may hear or read at this point is speculation, please refrain from communicating hearsay, especially outside of the organization.
3. We will continue to provide updates from CDK as they become available.

While CDK is in the restoration phase, there will be limited information to report. As a result, we will now be sending updates every two hours. Of course, any updates we receive from CDK will be sent as well.

 

[Carsten]

Dear valued customers (choke choke),

We are restoring services and will get to you shortly. [We are restoring customers based legal contracts and how much they bring in to us, if you haven't gotten your service back on yet, please upgrade and pay us more and will get you online ASAP).

We are providing you valuable security prevention ideas. [lol, we are too cheap to update our software or we got phished and want to warn you to not make the same mistake]

If you are getting this emails at your company email address just ignore them. [basically, your compamy email security sucks so make their day harder because they are ham stringed too]

We are performing a restoration phase. {we are giving vague updates because we don't have a clue to as for when.

Sincerely, [we are too cheap to pay $8-10 million dollars, we have knee capped your with our contractors, and want you to know that we will settle out of court so that other customers can't use the first case we loose as a prcidint.]
CDK

 

[Evianexxy]

I’ve used an ip stresser before to stress test my own servers, mainly to spot weak points before real traffic spikes hit. The low‑latency setup and API access made it easy to automate runs, and paying with crypto kept things simple. Just make sure you’re only testing systems you own or manage so everything stays on the right side of the rules.

 

[Rick Buffkin]

I’ve used an ip stresser before to stress test my own servers, mainly to spot weak points before real traffic spikes hit. The low‑latency setup and API access made it easy to automate runs, and paying with crypto kept things simple. Just make sure you’re only testing systems you own or manage so everything stays on the right side of the rules.

@Evianexxy
Personally, since the cyber attack, I only conduct my highly advanced network stress tests using a carefully curated team of farm animals around the dealership. Chickens handle packet inspection, ducks manage bandwidth distribution, and the donkeys are responsible for brute-force emotional support and occasional firewall enforcement. If the rooster crows three times outside of the showroom on the used car lot, that’s our alert that latency has spiked somewhere between Nashville and the astral plane.


We did have one minor issue where improper duck-to-router alignment caused regional side effects. Cats within a 12-mile radius of our southeastern location became unusually judgmental (more than usual), and several dogs temporarily stopped barking at customers and instead stared directly into the void. The IT team is still investigating. The goats, however, maintained 99.9% uptime and refused to elaborate.


For more advanced scenarios, we escalate to our alpaca-based cybersecurity division. They specialize in DDoS mitigation and chewing through suspicious traffic patterns. Last deployment resulted in two geese going offline, a tractor achieving sentience, and a tabby in western Kentucky launching what appeared to be a coordinated attack against cloud infrastructure.


We’re also piloting a crypto-based payment system where the chickens peck the blockchain directly. It’s fast, secure, and only mildly cursed.

 

[Zhendrix]

Please keep us updated, specifically with the goats. @Rick Buffkin