CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

CarGurus data breach exposes 12.4 million records

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

The ShinyHunters extortion group has leaked personal information from 12.4 million CarGurus accounts. The data includes email addresses, phone numbers, physical addresses, and financial application details. CarGurus has not confirmed the breach, but HaveIBeenPwned (HIBP) has verified the dataset, noting that 3.7 million records are new. The leaked data could be used for phishing attacks. CarGurus is a U.S.-based digital auto platform with an estimated 40 million monthly visitors. The breach follows a pattern of similar attacks by ShinyHunters, who often use social engineering to gain access to SaaS platforms like Salesforce and Microsoft 365.

Timeline

  1. 24.02.2026 20:08 1 articles · 2h ago

    ShinyHunters leaks 12.4 million CarGurus records

    On February 21, the ShinyHunters extortion group published a 6.1GB archive containing 12.4 million records allegedly stolen from CarGurus. The dataset includes personal information such as email addresses, phone numbers, and financial application details. HaveIBeenPwned (HIBP) verified the dataset, noting that 3.7 million records are new. CarGurus has not confirmed the breach.

    Show sources
    Open in new tab

Information Snippets