Millions of consumers’ names, email addresses, phone numbers, and physical addresses were compromised in a data breach at the automotive marketplace CarGurus.
According to security expert Troy Hunt’s data-breach notice website, Have I Been Pwned, 12.5 million CarGurus accounts were stolen.
Established in 2006, CarGurus is an online marketplace that facilitates the buying, selling, and financing of automobiles.
According to Have I Been Pwned, the ShinyHunters hacker collective was responsible for the intrusion.
The ShinyHunters gang is wellknown for its ability to use social engineering techniques, such as phoning help desks and posing as staff members in need of a password reset.The hackers claimed recent intrusions at Pornhub and fintech lending company Figure, and they utilized their social engineering talents to obtain over a billion records from Salesforce clients, including Google and Workday, as well as reams of data from many colleges.
CarGurus has been contacted by TechCrunch for comment; if the firm responds, this piece will be updated.
According to Have I Been Pwned, the consumer data that was made public includes dealer account and subscription details, finance prequalification application data, and user account ID mappings.
According to Have I Been Pwned, this is the second data hack involving automobiles this year.According to the data breach notice website, information purportedly from CarMax was made public last month after an unsuccessful extortion attempt.In addition to names, phone numbers, and physical locations, the data leak contained over 431,000 distinct email addresses.
Leave feedback about this