CarGurus 12.4 million-record data leak
Data Leak
Summary
Hide ▲
Show ▼
A 6.1GB archive tied to CarGurus was published, exposing 12.4 million records and increasing phishing and scam risk for affected users. The dataset includes email addresses, phone numbers, physical addresses, and finance application data. A breach-monitoring service later validated the dataset, indicating the leak was circulating broadly. Roughly 3.7 million records are described as fresh, making the exposure especially useful for fraud and credential-abuse attempts.
Related Happenings
Nissan employee data leak via Oracle PeopleSoft zero-day
Data Leak
H score49
First: 30.06.2026 19:00
Last: 30.06.2026 19:00
Sources 1
About this happening:
**Nissan** disclosed a **data leak** affecting **current and former employees** after attackers exploited **Oracle PeopleSoft**, exposing sensitive payroll and identity records ac...
Nissan employee data leak via Oracle PeopleSoft zero-day
Data LeakAbout this happening: **Nissan** disclosed a **data leak** affecting **current and former employees** after attackers exploited **Oracle PeopleSoft**, exposing sensitive payroll and identity records ac...
National Association of Insurance Commissioners data leak claims
Data Leak
H score82
First: 29.06.2026 23:30
Last: 29.06.2026 23:30
Sources 1
About this happening:
ShinyHunters' **June 25 leak update** turned the NAIC intrusion into a public **data leak** and raised questions about what was actually taken from the insurer regulator. The grou...
National Association of Insurance Commissioners data leak claims
Data LeakAbout this happening: ShinyHunters' **June 25 leak update** turned the NAIC intrusion into a public **data leak** and raised questions about what was actually taken from the insurer regulator. The grou...
DentaQuest 2.6 million-account data leak
Data Leak
H score65
First: 04.06.2026 21:36
Last: 04.06.2026 21:36
Sources 1
About this happening:
**DentaQuest**'s **public leak** exposed records for **2.6 million accounts**, putting **personal and health-related data** at risk. The leak followed **ShinyHunters**' claim to h...
DentaQuest 2.6 million-account data leak
Data LeakAbout this happening: **DentaQuest**'s **public leak** exposed records for **2.6 million accounts**, putting **personal and health-related data** at risk. The leak followed **ShinyHunters**' claim to h...
Carnival Corporation customer data leak
Data Leak
H score60
First: 28.05.2026 13:49
Last: 28.05.2026 13:49
Sources 1
About this happening:
**Carnival Corporation** confirmed a **customer data leak** that exposed personal information for **5,995,277 people**, making this a large-scale privacy and identity-risk event....
Carnival Corporation customer data leak
Data LeakAbout this happening: **Carnival Corporation** confirmed a **customer data leak** that exposed personal information for **5,995,277 people**, making this a large-scale privacy and identity-risk event....
7-Eleven franchisee-docs and Salesforce data leak
Data Leak
H score53
First: 18.05.2026 14:25
Last: 18.05.2026 14:25
Sources 1
About this happening:
**7-Eleven** confirmed a **April 8, 2026** intrusion into systems used to store **franchisee documents**, and **ShinyHunters** later claimed the theft of **more than 600,000 Sales...
7-Eleven franchisee-docs and Salesforce data leak
Data LeakAbout this happening: **7-Eleven** confirmed a **April 8, 2026** intrusion into systems used to store **franchisee documents**, and **ShinyHunters** later claimed the theft of **more than 600,000 Sales...
Latest development: 26.05.2026 10:01
Have I Been Pwned analyzed the leaked 7-Eleven data and estimated that the breach exposed personal information for 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. The exposed archive was tied to ShinyHunters' extortion campaign against 7-Eleven and followed the group's leak-site posting after ransom demands were not met.
Timeline
-
24.02.2026 20:08 2 articles · 4mo ago
ShinyHunters publishes CarGurus archive
Initial DisclosureShinyHunters published a 6.1GB archive on February 21, 2026 that it said contained CarGurus data, exposing 12.4 million records with email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs, finance pre-qualification application data, finance application outcomes, dealer account details, and subscription information.
Show sources
- CarGurus data breach exposes information of 12.4 million accounts — www.bleepingcomputer.com — 24.02.2026 20:08
- CarGurus data breach exposes information of 12.4 million accounts — www.bleepingcomputer.com — 24.02.2026 20:08
-
24.02.2026 20:08 1 articles · 4mo ago
HaveIBeenPwned adds CarGurus dataset
Detection Ioc UpdateA day later, the HaveIBeenPwned (HIBP) data breach monitoring and alerting platform added the CarGurus dataset after validating the leaked records, listing email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs, finance pre-qualification application data, finance application outcomes, dealer account details, and subscription information as compromised; HIBP said about 70% of the leaked data was already in its database, leaving roughly 3.7 million fresh records.
Show sources
- CarGurus data breach exposes information of 12.4 million accounts — www.bleepingcomputer.com — 24.02.2026 20:08