What hacking group allegedly targeted CarGurus?

The hacking group ShinyHunters is allegedly responsible for the vishing attack on CarGurus.

How many records were allegedly stolen from CarGurus?

Hackers claim to have stolen approximately 1.7 million records from CarGurus.

What is the deadline for CarGurus to respond to the hackers?

The hackers have set a deadline of February 20, 2026, for CarGurus to respond.

Home / Technology / CarGurus Hit by Major Data Breach

CarGurus Hit by Major Data Breach

20 Feb

•

Summary

Hackers claim to have stolen 1.7 million records.
CarGurus has not commented on the alleged breach.
Attackers use vishing and customized phishing pages.

Online car marketplace CarGurus is allegedly facing a significant data breach, purportedly at the hands of the notorious ShinyHunters hacking collective. The group has issued a warning, setting a deadline of February 20, 2026, for CarGurus to respond before they leak an estimated 1.7 million stolen records.

These records allegedly include personally identifiable information and internal corporate data. If confirmed, this would mark CarGurus as the 15th victim of a recent trend involving vishing attacks that compromise Single Sign-On (SSO) dashboards like Okta, Entra, or Google. The attackers reportedly impersonate IT staff, phish for credentials and MFA codes using customized landing pages, and then exfiltrate data from compromised systems.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.