
CarGurus 12.4 million-record data leak

Data Leak
Happening score (H score): 24
1 unique source, 1 article

Summary


A 6.1GB archive tied to CarGurus was published, exposing 12.4 million records and increasing phishing and scam risk for affected users. The dataset includes email addresses, phone numbers, physical addresses, and finance application data. A breach-monitoring service later validated the dataset, indicating the leak was circulating broadly. Roughly 3.7 million records are described as fresh, making the exposure especially useful for fraud and credential-abuse attempts.

Related Happenings

7-Eleven franchisee-docs and Salesforce data leak

Data Leak
First: 18.05.2026 14:25 Last: 18.05.2026 14:25 Sources 1

About this happening: **7-Eleven** confirmed an **April 8, 2026** intrusion into systems used to store **franchisee documents**, and **ShinyHunters** later claimed the theft of **more than 600,000 Sales...

Latest development: 26.05.2026 10:01

Have I Been Pwned analyzed the leaked 7-Eleven data and estimated that the breach exposed personal information for 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. The exposed archive was tied to ShinyHunters' extortion campaign against 7-Eleven and followed the group's leak-site posting after ransom demands were not met.

Zara customer data leak exposing 197,400 people

Data Leak
First: 08.05.2026 13:42 Last: 08.05.2026 13:42 Sources 1

About this happening: The **Zara** customer-data leak now exposes **197,400 people**, creating privacy and phishing risk across multiple markets. The exposed records include **unique email addresses**,...

Moltbook wide-open database exposure

Data Leak
First: 22.04.2026 13:41 Last: 22.04.2026 13:41 Sources 1

About this happening: The **Moltbook** database exposure placed **35,000 email addresses** and **1.5 million agent API tokens** at risk, creating immediate potential for account hijacking and credentia...

Figure email-record breach

Data Leak
First: 09.04.2026 17:02 Last: 09.04.2026 17:02 Sources 1

About this happening: The **Figure** data breach exposed **nearly 967,200 email records**, creating a large pool of identifiers that can fuel **credential stuffing** and **targeted phishing**. The expo...

Aura hit by network compromise

Incident
First: 19.03.2026 00:56 Last: 19.03.2026 00:56 Sources 1

About this happening: **Aura** confirmed a **voice-phishing breach** that gave an unauthorized party access to customer records, exposing data tied to **20,000 current** and **15,000 former customers**...

Timeline

  1. 24.02.2026 20:08 2 articles · 3mo ago

    ShinyHunters publishes CarGurus archive

    Initial Disclosure

    ShinyHunters published a 6.1GB archive on February 21, 2026 that it said contained CarGurus data, exposing 12.4 million records with email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs, finance pre-qualification application data, finance application outcomes, dealer account details, and subscription information.

  2. 24.02.2026 20:08 1 article · 3mo ago

    HaveIBeenPwned adds CarGurus dataset

    Detection IoC Update

    A day later, the HaveIBeenPwned (HIBP) data breach monitoring and alerting platform added the CarGurus dataset after validating the leaked records, listing email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs, finance pre-qualification application data, finance application outcomes, dealer account details, and subscription information as compromised; HIBP said about 70% of the leaked data was already in its database, leaving roughly 3.7 million fresh records.
