Automotive marketplace CarGurus was the target of a data breach in which the names, email addresses, phone numbers, and physical addresses of millions of customers were stolen.
Have I Been Pwned, a data-breach notification site provided by security researcher Troy Hunt, reported that 12.5 million CarGurus accounts were compromised in the data breach.
CarGurus, founded in 2006, operates an online marketplace that allows customers to buy, sell, and finance vehicle purchases.
Have I Been Pwned attributed the breach to the ShinyHunters hacking group.
The ShinyHunters group is known for its social engineering skills, such as calling up help desks and pretending to be employees who need their password reset. The hackers have used their social engineering skills to steal reams of data from several universities and over a billion records from Salesforce customers, including Google and Workdayand they claimed recent hacks at Pornhub and fintech lending giant Figure.
CarGurus spokesperson Maggie Meluzio confirmed to TechCrunch that the company experienced a cybersecurity incident, which is now contained.
“there are no indications that dealer data feeds, APIs, or core systems or products used by our consumers or dealer partners have been compromised. We remain fully operational, and our services continue without interruption. We will notify any affected individuals in accordance with applicable laws,” said Meluzio.
CarGurus did not dispute Have I Been Pwned’s figure.
The customer data that was published included user account ID mappings, finance prequalification application data, and dealer account and subscription information, according to Have I Been Pwned.
This is the second automotive-related data breach reported by Have I Been Pwned this year. Last month, data allegedly from CarMax was published following a failed extortion attempt, the data breach notification site reported. The data breach included about 431,000 unique email addresses along with names, phone numbers, and physical addresses.
Updated Wednesday with comment from CarGurus.