SecurityWeek

CarGurus Data Breach Impacts Over 12 Million Users

Hackers claim to have stolen personally identifiable information and internal corporate data from the automotive firm.

More than 12 million users have been affected by a data breach at automotive research and shopping website CarGurus.

The incident was disclosed last week, when the infamous extortion group ShinyHunters added CarGurus to its Tor-based leak site, claiming the theft of personally identifiable information (PII) and internal corporate data.

Initially, the hackers said they stole 1.7 million records from the company, but have since leaked a 6.1GB archive that contains information pertaining to approximately 12.5 million accounts.

The compromised information, data breach notification website Have I Been Pwned says, includes names, addresses, email addresses, phone numbers, and IP addresses.

“Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files, including user account ID mappings, finance pre-qualification application data, and dealer account and subscription information,” the breach notification service says.

In a post on X, Have I Been Pwned noted that roughly 70% of the email addresses in the data set have been compromised in other data breaches as well and were already in its database.

CarGurus has yet to acknowledge the incident publicly. SecurityWeek has emailed CarGurus for a statement about the ShinyHunters’ claims and will update this article if the company responds.

While it is unclear how the data was stolen, ShinyHunters is known for mounting sophisticated voice phishing (vishing) attacks that have compromised numerous organizations.

More than 100 organizations were targeted in a recent ShinyHunters phishing campaign, with some of the latest incidents attributed to the hacking group impacting Optimizely, Figure, Panera Bread, and Crunchbase.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
