CarGurus: ShinyHunters copy datasets of 12.5 million users

The criminal online gang ShinyHunters has copied data from users of the vehicle sales service provider CarGurus Inc. After an apparently failed extortion attempt against the company, which has also been active in Germany since 2017, the data is now public. The check service Have-I-Been-Pwned (HIBP) by Troy Hunt has incorporated the data. Anyone who has used the platform can now check if their information is affected.

As Hunt writes on the Have-I-Been-Pwned overview page for data leaks, the published data comprises more than 12 million email addresses in several files. In addition, user account IDs, data from financial pre-checks, dealer accounts, and subscription information are included. Hunt further explains that names, phone numbers, addresses, and IP addresses, as well as the outcome of financing requests, are also impacted.

CarGurus: extensive dataset copied

According to ShinyHunters' leak site on the darknet, the data is 6.1 GB compressed and comprises more than 12.4 million entries – this matches Troy Hunt's figures. The cyber gang reportedly published the data last Saturday. Hunt added it to the HIBP data collection yesterday, Sunday.

ShinyHunters first came to attention around mid-December when the criminals stole data from a Pornhub service provider and threatened to publish it. This data belonged to users of the pornography platform's premium service. At the time, the group's darknet presence was offline. However, it is now accessible again.

Anyone who wants to check if their email address is included in this or other data leaks can easily do so on the website of the Have-I-Been-Pwned project. The Identity Leak Checker from the Hasso Plattner Institute offers a comparable service, as does the University of Bonn with its Identity Leak Checker. In early November last year, the Have-I-Been-Pwned project added 1.3 billion newly leaked email addresses to its data pool. They originated from data collections created by infostealer malware.

(dmk)