好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。首先,我得仔细阅读文章,理解主要信息。 文章标题是“ShinyHunters网络攻击影响CarGurus 1240万用户”。作者是Pierluigi Paganini,日期是2026年2月25日。内容主要讲的是ShinyHunters黑客组织泄露了CarGurus平台上1240万个账户的数据,包括电子邮件、账户ID、财务申请、经销商信息、姓名、电话号码、地址、IP地址和汽车金融申请结果。这次数据泄露是在一次勒索企图失败后发生的。 接下来,文章提到ShinyHunters在2月21日泄露了一个6.1GB的压缩档案,包含超过1240万条记录。HaveIBeenPwned(HIBP)也添加了CarGurus到他们的数据库中,并指出其中70%的电子邮件地址已经存在于他们的数据库中。 泄露的数据包括电子邮件地址、姓名、物理地址、IP地址和电话号码。这次数据泄露给用户带来了多种风险,如钓鱼攻击、社会工程攻击、身份盗窃、财务欺诈和账户接管等。此外,ShinyHunters最近还攻击了其他大公司,如Odido、Figure、Canada Goose和SoundCloud,并主要通过社会工程手段窃取凭证。 现在我需要将这些信息浓缩到100字以内。首先确定关键点:ShinyHunters攻击CarGurus,影响1240万用户;泄露数据包括个人信息;导致多种安全风险;ShinyHunters近期多次攻击大公司。 接下来组织语言:开头直接说明事件,然后简要描述影响和后果。确保在字数限制内涵盖所有重要信息。 最后检查是否符合要求:不使用特定开头语句,直接描述内容;控制在100字以内。 </think> ShinyHunters黑客组织泄露了CarGurus平台上1240万个账户的数据,包括电子邮件、姓名、地址等个人信息。此次数据泄露可能导致钓鱼攻击、身份盗窃等安全风险。ShinyHunters近期还攻击了其他多家公司,并主要通过社会工程手段窃取凭证。 2026-2-25 11:37:58 Author: securityaffairs.com(查看原文) 阅读量:8 收藏
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
Pierluigi Paganini
February 25, 2026
ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform.
The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S., Canada, and the U.K., its platform analyzes listings to identify good deals and provides tools for pricing, dealer reviews, and vehicle history. The site attracts around 40 million monthly visitors and is publicly traded, making it a major player in online car shopping and automotive research.
In February 2026, CarGurus suffered a data breach that exposed personal information, including emails, account IDs, finance applications, dealer info, names, phone numbers, addresses, IPs, and auto finance application results after a failed extortion attempt.
On February 21, the ShinyHunters group leaked a 6.1GB compressed archive containing over 12.4 million records.
The data breach monitoring service HaveIBeenPwned (HIBP) also added CarGurus to its database.
New breach: CarGurus had more than 12M unique email addresses exposed in a breach earlier this month. Data also included names, phone numbers and physical and IP addresses. 70% were already in @haveibeenpwned. Read more: https://t.co/YkLIpKCGtp
— Have I Been Pwned (@haveibeenpwned) February 22, 2026
Compromised data includes:
- Email addresses
- Names
- Physical addresses
- IP addresses
- Phone numbers
The CarGurus data breach poses multiple risks for customers. With personal information such as names, email addresses, phone numbers, and account IDs exposed, individuals face a heightened risk of phishing and social engineering attacks, as cybercriminals can craft convincing messages using real data. The leak of finance application details and other sensitive records also opens the door to identity theft and financial fraud. Exposed account information increases the likelihood of account takeovers, especially if users reuse passwords across platforms. Additionally, the disclosure of physical addresses and IP data raises privacy concerns, potentially enabling targeted marketing, stalking, or other malicious activity. Overall, these risks highlight the importance of vigilance, strong password hygiene, and monitoring for suspicious activity following the breach.
The ShinyHunters extortion group has recently targeted major companies, leaking data when ransom demands fail. Victims include Odido, Figure, Canada Goose, and SoundCloud. The group primarily uses social engineering, especially voice phishing, to steal credentials and access SaaS platforms like Salesforce, Okta, and Microsoft 365.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ShinyHunters)
如有侵权请联系:admin#unsafe.sh