Hackers leak 12.5 million CarGurus records in data breach

More than 12.5 million accounts linked to CarGurus, an online automotive marketplace, have been exposed in a data breach that included personal and account information, according to the data breach notification site Have I Been Pwned.

The site reported that the compromised data includes names, IP addresses, email addresses, phone numbers and physical addresses. Also published were user account ID mappings, finance prequalification application details, and dealer account and subscription information.

Have I Been Pwned attributed the breach to the hacking group known as ShinyHunters. The group has previously been linked to a series of high-profile cyber incidents and is known for using social engineering techniques, including impersonating employees in calls to corporate help desks in order to gain access to internal systems. 

Last month, Have I Been Pwned disclosed that data allegedly linked to CarMax had been published online following what it described as a failed extortion attempt. That breach reportedly involved around 431,000 unique email addresses, along with associated names, phone numbers and physical addresses.