Edmunds, a major automotive research and car-shopping platform, has been compromised in a data breach that exposed personal information belonging to 178,000 users. The ShinyHunters hacking group claimed responsibility for the attack in January 2026 and subsequently published the stolen data publicly.

The breach affects users who maintained accounts on the Edmunds platform for vehicle research and shopping purposes. The exposed dataset contains a significant amount of personally identifiable information that could be exploited for various malicious purposes, including identity theft and targeted phishing campaigns.

The compromised data includes email addresses, usernames, hashed passwords, IP addresses, phone numbers, and vehicle-related records. The inclusion of passwords is particularly concerning, as many users reuse credentials across multiple online services. IP addresses can reveal geographic locations and browsing patterns, while phone numbers enable direct contact for social engineering attacks. Vehicle-related records may contain information about car ownership, purchase history, and personal preferences.

ShinyHunters is a known cybercriminal group with a history of high-profile data breaches and subsequent public data dumps. The group's decision to publish the Edmunds data publicly rather than selling it privately increases the risk to affected users, as the information is now accessible to any threat actor. This pattern of behavior has been observed in previous ShinyHunters operations targeting various online platforms.

Users who have accounts on Edmunds should take immediate action to protect themselves. First, change your Edmunds password and any other accounts where you used the same or similar credentials. Enable two-factor authentication wherever possible to add an extra layer of security. Monitor your email and phone for suspicious messages or phishing attempts that reference your vehicle interests or Edmunds activity. Consider placing fraud alerts with credit bureaus if you provided financial information to the platform. Organizations should review their security posture and implement robust monitoring to detect similar intrusion attempts.

Source: https://haveibeenpwned.com/Breach/Edmunds