CarGurus Data Breach: ShinyHunters Exploit Vulnerability, Exposing User Information
CarGurus Breached by ShinyHunters, 1.7 Million Files Stolen
A prominent online vehicle research and shopping platform, CarGurus, has allegedly been breached by the ShinyHunters hacking group, resulting in the theft of approximately 1.7 million corporate files.
Breach Details
According to the hacking group, the breach occurred on February 13, when they obtained single sign-on codes through voice phishing, enabling them to infiltrate CarGurus’ systems.
ShinyHunters claimed that they would expose the pilfered records if negotiations with CarGurus did not take place by February 20.
Stolen Files and Impact
The stolen files reportedly contain personally identifiable information and internal company records.
ShinyHunters’ History of Breaches
This incident is the latest in a series of breaches attributed to ShinyHunters, which has previously claimed responsibility for compromising Betterment and Panera Bread using similar tactics involving single sign-on codes.
In recent days, the group also purportedly breached investment advisory firms Mercer Advisors and Beacon Pointe Advisors, resulting in the theft of 5 million and 100,000 records, respectively.
Related Incidents
In a separate incident, luxury performance outerwear and clothing manufacturer Canada Goose, which ShinyHunters also recently claimed to have breached, stated that the exposed data came from an old security incident and was not the result of a new breach.
U.S. blockchain-based fintech firm Figure Technology Solutions reported that data from 967,200 accounts was exfiltrated following a ShinyHunters social engineering attack against an employee.
ShinyHunters’ Tactics
ShinyHunters’ tactics involve using social engineering techniques, such as voice phishing, to obtain sensitive information and gain unauthorized access to systems.
The group’s actions have resulted in significant data breaches, highlighting the importance of robust security measures to protect against such threats.
