CarGurus Data Breach Update - 12M Records Leaked by ShinyHunters

The hacking group ShinyHunters leaked over 12 million CarGurus records, dating back to 2006, after an extortion deadline expired. The exposed data includes emails, names, and IP addresses. The breach was confirmed by Have I Been Pwned (HIBP), and a search tool is available via a linked third-party site. Attackers used vishing to obtain SSO codes by socially engineering employees into sharing 2FA codes over the phone.