ShinyHunters Strike Again: 1.7 Million Corporate Records Stolen in CarGurus Data Breach
CarGurus, an online car marketplace, has reportedly fallen victim to a data breach by the notorious hacking collective ShinyHunters. According to sources, ShinyHunters stole over 1.7 million records from CarGurus, including personally identifiable information (PII) and internal corporate data. This incident marks another successful attack by ShinyHunters, who have already breached 15 organizations in a similar manner recently.
The breach is believed to have occurred via vishing attacks, where ShinyHunters impersonated IT staff and tech operatives to trick employees into divulging their MFA settings. The attackers then used customized infrastructure to create highly modular, customizable phishing landing pages that could be tweaked in real time. These landing pages were tailored to the specific MFA protocols used by the target companies, allowing the attackers to gain access to sensitive data.
In this case, ShinyHunters targeted companies using Google SSO, Okta, or Entra dashboards, through which they stole data from Salesforce, Microsoft 365, SharePoint, DocuSign, Dropbox, and other services. The hackers' preference for Salesforce is noteworthy, as they tend to exploit this platform in their attacks.
The stolen records were posted on ShinyHunters' data leak site, prompting CarGurus to take action. The company has not yet commented publicly on the breach, and its website remains unchanged. This lack of transparency raises concerns about the severity of the breach and the steps being taken by CarGurus to mitigate its impact.
Experts attribute ShinyHunters' success to their combination of vishing tactics and customized infrastructure. Their ability to create tailored phishing landing pages has proven highly effective in breaching organizations. Google and Mandiant experts have highlighted this strategy, noting that it allows attackers to adapt to specific MFA protocols used by the target companies.
ShinyHunters' modus operandi typically involves a phone call impersonating IT staff or tech operatives, claiming that the employee's MFA settings need updating. The attackers then use their customized infrastructure to create landing pages that can be tailored to the specific MFA protocol used by the employee. This approach allows them to bypass security measures and gain access to sensitive data.
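A defender can look for the trace this sequence leaves in identity-provider logs. The following is an added example, not code from the article or from any vendor: it assumes a simplified, vendor-neutral event format and that the pretext call ends in an MFA change made from an IP address the user has never used before; the event names, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)   # assumed correlation window
MIN_APPS = 3                     # assumed threshold of distinct apps

# Constructed, vendor-neutral events: (time, user, ip, action, target)
EVENTS = [
    ("2025-01-06T09:02:00", "alice", "198.51.100.7", "sso.launch", "Salesforce"),
    ("2025-01-07T14:10:00", "alice", "203.0.113.50", "mfa.change", "authenticator"),
    ("2025-01-07T14:12:00", "alice", "203.0.113.50", "sso.launch", "Salesforce"),
    ("2025-01-07T14:15:00", "alice", "203.0.113.50", "sso.launch", "SharePoint"),
    ("2025-01-07T14:21:00", "alice", "203.0.113.50", "sso.launch", "Dropbox"),
    ("2025-01-07T15:00:00", "bob", "198.51.100.9", "sso.launch", "DocuSign"),
    ("2025-01-07T15:30:00", "bob", "198.51.100.9", "mfa.change", "authenticator"),
    ("2025-01-07T15:31:00", "bob", "198.51.100.9", "sso.launch", "DocuSign"),
]

def find_suspect_sessions(events, window=WINDOW, min_apps=MIN_APPS):
    """Flag users whose MFA change from a first-seen IP is followed,
    within `window`, by launches of >= min_apps distinct apps from that IP."""
    known_ips = defaultdict(set)   # user -> IPs seen before the current event
    pending = {}                   # (user, ip) -> [change_time, set of apps]
    alerts = []
    for ts, user, ip, action, target in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (user, ip)
        if action == "mfa.change" and ip not in known_ips[user]:
            pending[key] = [when, set()]          # start watching this session
        elif action == "sso.launch" and key in pending:
            start, apps = pending[key]
            if when - start > window:
                del pending[key]                  # too late to correlate
            else:
                apps.add(target)
                if len(apps) == min_apps:         # alert once, at the threshold
                    alerts.append((user, ip, sorted(apps)))
        known_ips[user].add(ip)
    return alerts

if __name__ == "__main__":
    for user, ip, apps in find_suspect_sessions(EVENTS):
        print(f"review: {user} changed MFA from new IP {ip}, then opened {apps}")
```

In the sample data only alice is flagged: bob's MFA change comes from an address he had already used, and he opens a single application afterwards.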
The impact of this breach is significant, with 1.7 million records stolen. ShinyHunters' preference for Salesforce is notable, as they tend to exploit this platform in their attacks. The fact that multiple organizations, including CarGurus, have fallen victim to this attack highlights the need for robust cybersecurity measures and awareness among employees.
In conclusion, the CarGurus data breach highlights the ongoing threat of vishing attacks and customized infrastructure-based phishing tactics. As hackers continue to evolve and refine their methods, it is essential for companies to stay vigilant and implement effective security measures to protect their sensitive data. By understanding the tactics used by attackers like ShinyHunters, organizations can take proactive steps to prevent similar breaches in the future.