CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Data Breaches

CarGurus Data Breach Impacts Over 12 Million Users

Hackers claim to have stolen personally identifiable information and internal corporate data from the automotive firm. The post CarGurus Data Breach Impacts Over 12 Million Users appeared first on SecurityWeek.

Car hacking

More than 12 million users have been affected by a data breach at automotive research and shopping website CarGurus.

The incident was disclosed last week, when the infamous extortion group ShinyHunters added CarGurus to its Tor-based leak site, claiming the theft of personally identifiable information (PII) and internal corporate data.

Initially, the hackers said they stole 1.7 million records from the company, but have since leaked a 6.1GB archive that contains information pertaining to approximately 12.5 million accounts.

The compromised information, data breach notification website Have I Been Pwned says, includes names, addresses, email addresses, phone numbers, and IP addresses.

“Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files, including user account ID mappings, finance pre-qualification application data, and dealer account and subscription information,” the breach notification service says.

In a post on X, Have I Been Pwned noted that roughly 70% of the email addresses in the data set have been compromised in other data breaches as well and were already in its database.

CarGurus has yet to acknowledge the incident publicly. SecurityWeek has emailed CarGurus for a statement about the ShinyHunters’ claims and will update this article if the company responds.

While it is unclear how the data was stolen, ShinyHunters is known for mounting sophisticated voice phishing (vishing) attacks that have compromised numerous organizations.

More than 100 organizations were targeted in a recent ShinyHunters phishing campaign, with some of the latest incidents attributed to the hacking group impacting Optimizely, Figure, Panera Bread, and Crunchbase.

Related: Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches

Related: ApolloMD Data Breach Impacts 626,000 Individuals

Related: Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses

Related: 750,000 Impacted by Data Breach at Canadian Investment Watchdog

Latest News

CYBERNEWSMEDIAPublisher