Recent reports indicate that the automotive marketplace CarGurus has allegedly fallen victim to a significant data breach involving millions of user records. A hacking group known for high-profile extortions has claimed responsibility for the incident and has reportedly begun publishing the stolen information online.
The breach was first highlighted earlier this week when the extortion group ShinyHunters asserted they had obtained approximately 12.4 million records from the car shopping platform. According to industry news outlets, the group made these claims over the weekend before moving forward with the release of the data. This development has raised immediate concerns regarding the security of personal information stored within the company's databases.
Parallel investigations by various technology news organizations have confirmed the scale of the incident, with some estimates placing the number of affected records as high as 12.5 million. These reports rely on data tracking from security notification services that monitor underground forums and hacking activities. The consensus among cybersecurity experts is that the breach is legitimate and represents a substantial exposure for the company’s user base.
The information compromised in this event appears to be extensive, touching on several layers of personal identity. Security analysts have noted that the leaked dataset includes full names, physical mailing addresses, and phone numbers. Additionally, digital identifiers such as email addresses and IP addresses were reportedly included in the stolen files, providing a comprehensive profile of the individuals affected.
While the company works to address the security failure, the incident serves as a reminder of the persistent threats facing large digital marketplaces. The involvement of a well-known hacking collective suggests a targeted effort to monetize user data through public exposure. Users of the platform are being encouraged to monitor their accounts for suspicious activity as the full impact of the leak continues to be evaluated by the tech community.
Source: Hacking Group Claims Theft of 12.4 Million CarGurus User Records