CarGurus, a prominent online automotive marketplace, has recently fallen victim to a data breach that has compromised the personal information of approximately 12.5 million accounts. This breach has raised concerns regarding the security of customer data, including names, email addresses, phone numbers, and physical addresses.
The security notification platform, Have I Been Pwned, led by researcher Troy Hunt, confirmed the extent of the breach. It has been linked to the ShinyHunters hacking group, notorious for its advanced social engineering techniques. This group has previously targeted various organizations, employing tactics such as impersonating employees to gain unauthorized access to sensitive information.
Founded in 2006, CarGurus provides a digital platform for users to buy, sell, and finance vehicles, making it a significant player in the automotive industry. The breach has sparked discussions about the need for enhanced cybersecurity measures within online marketplaces.
According to Have I Been Pwned, the leaked data includes user account ID mappings, finance pre-qualification application details, and dealer account subscription information. This incident marks the second automotive-related breach reported this year, following a previous incident involving CarMax, where data from around 431,000 unique email addresses was exposed.
As the digital landscape continues to evolve, the importance of safeguarding personal information remains paramount. CarGurus has been contacted for further comments regarding the breach and its implications for customer security.