Europcar: Customer data and source codes stolen
A cybercriminal has apparently tapped into the data of up to 200,000 Europcar customers and attempted to blackmail the company.
(Image: smolaw/Shutterstock.com)
The car rental company Europcar has allegedly been the victim of a cyber attack. A cybercriminal has stolen customer data and other confidential information. As the tech website Bleeping Computer reports, the attacker is believed to have infiltrated the car rental company's GitLab repos and stolen data from up to 200,000 customers and the source code for Android and iOS applications.
According to the report, a user calling himself Europcar claimed in an internet forum that he had "successfully penetrated Europcar's systems and obtained all GitLab repositories". As proof, the perpetrator published screenshots of login credentials contained in the stolen source code.
The captured data set is 37 gigabytes in size and contains backups and details about the company's cloud infrastructure and internal applications. According to Bleeping Computer, the attacker attempted to blackmail Europcar by threatening to publish the data.
Course of the cyberattack unclear
According to Bleeping Computer, it is still unclear how he was able to gain access to Europcar's repositories, but many of the recent security breaches were triggered by credentials captured by Infostealer. At the beginning of last year, Europcar was already the alleged victim of a data leak. An online criminal claimed to have broken into the car rental company's IT system and copied around 50 million data records. Europcar dismissed the claim at the time, saying that the data was fake and could not have originated from the company.
Videos by heise
In the current case, however, it does not appear to be fake. Europcar has confirmed the data leak, but is still assessing the exact extent of the damage, writes Bleeping Computer. However, not all of the company's GitLab repositories have been stolen. According to the report, a small part of the source code remained untouched.
The stolen data "only" includes names and email addresses of Goldcar and Ubeeqo users. Goldcar is a car rental company and Ubeeqo is a car sharing company; both belong to Europcar. The number of customers affected could be between 50,000 and 200,000, some of them from 2017 and 2020, according to Bleeping Computer's calculations. The company has an extensive customer base in over 140 countries in Europe, North America, Asia and Africa. More sensitive information, such as bank and card details or passwords, were not compromised. According to the report, Europcar is in the process of informing all affected customers about the cyberattack. The responsible data protection authority is also said to have been informed about the data leak.
(akn)
