ShinyHunters allegedly drove off with 1.7M CarGurus records

CarGurus allegedly suffered a data breach with 1.7 million corporate records stolen, according to a notorious cybercrime crew that posted the online vehicle marketplace on its leak site on Wednesday.

"This is a final warning to reach out by 20 Feb 2026 before we leak along with several annoying (digital) problems that'll come your way," ShinyHunters wrote in its announcement, seen by The Register and shared on social media. The digital crooks claimed the compromised files included personally identifiable information and "other internal corporate data."

CarGurus did not immediately respond to The Register's inquiries. We will update this story when we hear back from the company.

We also reached out to ShinyHunters to find out when and how they breached the car shopping site, but did not receive an immediate response.

The Wednesday posts cap a string of 15 breaches claimed by ShinyHunters and Scattered Lapsus$ Hunters ...