• More than 12 million users have been affected by a data breach at automotive research and shopping website CarGurus.The incident was disclosed last week, when the infamous extortion group ShinyHunters added CarGurus to its Tor-based leak site, claiming the theft of personally identifiable information (PII) and internal corporate data.Initially, the hackers said they stole 1.7 million records from the company, but have since leaked a 6.1GB archive that contains information pertaining to approximately 12.5 million accounts.The compromised information, data breach notification website Have I Been Pwned says, includes names, addresses, email addresses, phone numbers, and IP addresses.“Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files, including user account ID mappings, finance pre-qualification application data, and dealer account and subscription information,” the breach notification servicesays.In aposton X, Have I Been Pwned noted that roughly 70% of the email addresses in the data set have been compromised in other data breaches as well and were already in its database.Advertisement. • Scroll to continue reading.CarGurus has yet to acknowledge the incident publicly.SecurityWeekhas emailed CarGurus for a statement about the ShinyHunters’ claims and will update this article if the company responds.While it is unclear how the data was stolen,ShinyHuntersis known for mounting sophisticated voice phishing (vishing) attacks that have compromised numerous organizations.More than 100 organizationswere targeted in a recent ShinyHunters phishing campaign, with some of the latest incidents attributed to the hacking group impactingOptimizely,Figure,Panera Bread, andCrunchbase.Related:Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data BreachesRelated:ApolloMD Data Breach Impacts 626,000 IndividualsRelated:Under Armour Looking Into Data Breach Affecting Customers’ Email Addresse

Article Summaries:

  • More than 12 million users have been affected by a data breach at automotive research and shopping website CarGurus. The incident was disclosed last week, when the infamous extortion group ShinyHunters added CarGurus to its Tor-based leak site, claiming the theft of personally identifiable information (PII) and internal corporate data. Initially, the hackers said they stole 1.7 million records from the company, but have since leaked a 6.1GB archive that contains information pertaining to approximately 12.5 million accounts. The compromised information, data breach notification website Have I B

Sources: