CarGurus Data Breach Exposes 12.5 Million Customer Accounts
U.S.-based online automotive marketplace CarGurus has suffered a major data breach. According to Troy Hunt’s data breach notification site 'Have I Been Pwned', information from 12.5 million customer accounts was compromised in the incident. The report was first published by TechCrunch.
The stolen data includes customers’ names, email addresses, phone numbers, and physical addresses. Have I Been Pwned also reported that user account ID mappings, finance prequalification application data, and information related to dealer accounts and subscriptions were exposed.
The notorious hacker group ShinyHunters is being blamed for the attack. The group is known for using social engineering tactics, such as calling help desks while impersonating employees. Previously, ShinyHunters reportedly stole more than one billion records from several universities and customers of Salesforce, including Google and Workday. The group has also recently claimed responsibility for hacking Pornhub and fintech lending giant Figure.
Founded in 2006, CarGurus operates as an online marketplace where customers can buy, sell, and finance vehicles. The company has not provided an immediate comment regarding the breach.
It is worth noting that this marks the second automotive-related data leak this year. Last month, Have I Been Pwned reported that another automotive marketplace, CarMax, experienced a data exposure involving approximately 431,000 email addresses, names, phone numbers, and physical addresses.
DBTech/BMT/OR
