\n<\/p>\n
Automotive marketplace CarGurus was the target of a data breach in which the names, email addresses, phone numbers, and physical addresses of millions of customers were stolen. <\/p>\n
Have I Been Pwned, a data-breach notification site provided by security researcher Troy Hunt, reported that 12.5 million CarGurus accounts<\/a> were compromised in the data breach.<\/p>\n CarGurus, founded in 2006, operates an online marketplace that allows customers to buy, sell, and finance vehicle purchases.<\/p>\n Have I Been Pwned attributed the breach to the ShinyHunters hacking group.<\/p>\n The ShinyHunters group is known for its social engineering skills, such as calling up help desks and pretending to be employees who need their password reset. The hackers have used their social engineering skills to steal reams of data from several universities<\/a> and over a billion records<\/a> from Salesforce customers, including Google<\/a> and Workday<\/a>, and they claimed recent hacks at Pornhub<\/a> and fintech lending giant Figure<\/a>.<\/p>\n TechCrunch has reached out to CarGurus for comment and will update this article if the company responds. <\/p>\n The customer data that was published included user account ID mappings, finance prequalification application data, and dealer account and subscription information, according to Have I Been Pwned.<\/p>\n This is the second automotive-related data breach reported by Have I Been Pwned this year. Last month, data allegedly from CarMax was published following a failed extortion attempt, the data breach notification site reported<\/a>. The data breach included about 431,000 unique email addresses along with names, phone numbers, and physical addresses.<\/p>\n<\/div>\n