Approximately 12.5 million accounts connected to CarGurus, an online platform for buying and selling vehicles, have been exposed in a security breach, as per the data breach notification platform Have I Been Pwned. The compromised data includes personal details such as names, IP addresses, email addresses, phone numbers, and physical addresses. Additionally, user account ID mappings, finance prequalification application information, and dealer account and subscription data were also affected.
The breach has been attributed to the hacking group called ShinyHunters, which is known for engaging in various cyber incidents and employing social engineering tactics. ShinyHunters have used techniques like pretending to be employees when contacting corporate help desks to infiltrate internal systems.
Previously, Have I Been Pwned revealed that data related to CarMax was posted online following an unsuccessful extortion attempt. This breach impacted approximately 431,000 unique email addresses, along with associated names, phone numbers, and physical addresses.