ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S., […] ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S., Canada, and the U.K., its platform analyzes listings to identify good deals and provides tools for pricing, dealer reviews, and vehicle history. The site attracts around 40 million monthly visitors and is publicly traded, making it a major player in online car shopping and automotive research. In February 2026, CarGurus suffered a data breach that exposed personal information, including emails, account IDs, finance applications, dealer info, names, phone numbers, addresses, IPs, and auto finance application results after a failed extortion attempt. On February 21, the ShinyHunters group leaked a 6.1GB compressed archive containing over 12.4 million records. The data breach monitoring service HaveIBeenPwned (HIBP) also added CarGurus to its database. New breach: CarGurus had more than 12M unique email addresses exposed in a breach earlier this month. Data also included names, phone numbers and physical and IP addresses. 70% were already in @haveibeenpwned. Read more: https://t.co/YkLIpKCGtp— Have I Been Pwned (@haveibeenpwned) February 22, 2026
Published: 2026-02-25T11:37:58