Ethical Hacking News
CarGurus has been hit by one of the largest data breaches on record, exposing personal information from over 12 million user accounts. The threat group ShinyHunters published the leaked data online, and CarGurus has yet to issue an official statement regarding the breach. As a result, users are advised to watch for suspicious communications or phishing attempts that may leverage the stolen data.
CarGurus suffered one of the largest data breaches on record, exposing personal information from over 12 million accounts. The breach was carried out by the threat group ShinyHunters, which published sensitive user data such as email addresses and phone numbers. About 70% of the leaked data was already present on the monitoring platform HaveIBeenPwned (HIBP), leaving around 3.7 million records new. ShinyHunters is demanding payment from CarGurus in exchange for not releasing further sensitive information. The breach highlights the growing threat of data breaches and cyber attacks, which are becoming increasingly sophisticated.
CarGurus, a leading digital auto platform used by millions of people to research and purchase new and used vehicles, has been hit by one of the largest data breaches on record. According to reports, the threat group ShinyHunters has published personal information from over 12 million CarGurus accounts, exposing sensitive user data such as email addresses, IP addresses, full names, phone numbers, physical addresses, and more.
The breach was first reported by BleepingComputer, a reputable online publication that tracks cybersecurity incidents. The site claimed to have obtained internal documents from CarGurus revealing the scale of the breach, which included 12.4 million records stolen by ShinyHunters. These records were published in a 6.1GB archive, which is now available for download on various cybercrime forums.
CarGurus has not yet issued an official statement regarding the breach, but HaveIBeenPwned (HIBP), a data breach monitoring and alerting platform, has confirmed that it has added the dataset to its database. HIBP reports that 70% of the leaked data was already present on its platform from previous incidents, which means that around 3.7 million records are new.
The leaked data includes user account IDs, finance pre-qualification application data, finance application outcomes, dealer account details, and subscription information. ShinyHunters has threatened to publish more stolen data unless CarGurus agrees to negotiate with them, a tactic used by the group in previous incidents.
ShinyHunters is known for its sophisticated tactics, including social engineering attacks that use voice phishing to breach organizations. They typically demand payment from their targets in exchange for not releasing further sensitive information.
This latest attack on CarGurus follows a series of high-profile breaches carried out by ShinyHunters against prominent companies and brands, including Dutch telecommunications provider Odido, ad tech firm Optimizely, fintech firm Figure, outerwear brand Canada Goose, restaurant chain Panera Bread, online dating company Match Group, and music streaming platform SoundCloud.
CarGurus users are advised to watch for suspicious communications or phishing attempts that may leverage the stolen data. The company's failure to respond to BleepingComputer's request for comment has raised concerns among cybersecurity experts, who warn that such delays can leave companies vulnerable to exploitation.
The incident highlights the growing threat of data breaches and cyber attacks, which have become increasingly sophisticated in recent years. As more organizations rely on digital platforms to conduct business, the risk of sensitive user data being compromised grows.
In light of this breach, it is essential for CarGurus users to take proactive steps to protect themselves from potential phishing attempts or other malicious activities that may arise from the stolen data. This can include monitoring their accounts for suspicious activity and keeping their personal information up to date.
As ShinyHunters continues to wreak havoc on unsuspecting companies, cybersecurity experts will be watching with interest as CarGurus takes steps to address this breach and protect its users' sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/ShinyHunters-Strike-Again-124-Million-CarGurus-Accounts-Exposed-in-Data-Breach-ehn.shtml
https://www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/
https://haveibeenpwned.com/Breach/CarGurus
https://en.wikipedia.org/wiki/ShinyHunters
https://www.independent.co.uk/tech/google-data-breach-shinyhunters-cyber-attack-b2821097.html
Published: Tue Feb 24 13:45:43 2026 by llama3.2 3B Q4_K_M