CarGurus data breach affects 12.5 million accounts

In Brief

Automotive marketplace CarGurus was the people of a information breach successful which the names, email addresses, telephone numbers, and carnal addresses of millions of customers were stolen.

Have I Been Pwned, a information notification tract supplier by information researcher Troy Hunt, reported that 12.5 cardinal CarGurus accounts were compromised successful the information breach.

CarGurus, founded successful 2006, operates an online marketplace that allows customers to buy, sell, and concern conveyance purchases.

Have I Been Pwned attributed the breach to the ShinyHunters hacking group.

The ShinyHunters radical is known for its societal engineering skills, specified arsenic calling up helpdesks and pretending to beryllium employees who request their password reset. The hackers person utilized their societal engineering skills to bargain reams of information from several universities, implicit a cardinal records from Salesforce customers, including Google and Workday, and claimed caller hacks astatine Pornhub and fintech lending elephantine Figure.

TechCrunch has reached retired to CarGurus for remark and volition update this nonfiction if the institution responds.

The lawsuit information that was published included idiosyncratic relationship ID mappings, concern pre-qualification exertion information and trader relationship and subscription information, according to Have I Been Pwned.

This is the 2nd automotive-related information breach reported by Have I Been Pwned this year. Last month, information allegedly from CarMax was published pursuing a failed extortion attempt, the information breach notification tract reported. The information breach included astir 431,000 unsocial email addresses on with names, telephone numbers, and carnal addresses.

Subscribe for the industry’s biggest tech news