More than 12.5 million accounts associated with CarGurus, an online platform for buying and selling vehicles, have been compromised in a security incident, as revealed by the data breach tracking website Have I Been Pwned.
The compromised data includes personal details such as names, IP addresses, email addresses, phone numbers, and physical addresses. Additionally, account ID mappings, information from finance prequalification applications, and dealer account and subscription details were also exposed.
The breach has been attributed to the hacking group ShinyHunters by Have I Been Pwned. This group is known for engaging in various cyber attacks and employing tactics like social engineering, such as pretending to be employees in calls to corporate support centers to infiltrate internal systems.
In a separate incident last month, Have I Been Pwned reported that data purportedly linked to CarMax was leaked online following an unsuccessful extortion attempt. This breach impacted approximately 431,000 unique email addresses, along with associated names, phone numbers, and physical addresses.
