// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
ColdRecon / Breach Radar / CarGurus
Breach Record

CarGurus

DISCLOSED 2026-02-14 · STOLEN CREDS · 12,461,887 RECORDS EXPOSED

In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and...

The record

What we know

Disclosed
2026-02-14
Attack vector
Stolen Creds
Records exposed
12,461,887
Domain
cargurus.com
Data classes exposed
Email addressesIP addressesNamesPhone numbersPhysical addresses
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the CarGurus disclosure. It updates if new public reporting emerges. All tracked breaches →

CarGurus just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →