ShinyHunters Claims Theft of 1.7 Million CarGurus Records via SSO Vishing

 ShinyHunters ransomware group claims data breach on CarGurus, an online automotive marketplace. 

The group allegedly gained access on February 13, 2026, using voice phishing to trick employees into providing single-sign-on (SSO) codes for platforms including Okta, Microsoft Entra, and Google. 

The hackers claim the stolen data includes:

• Personally identifiable information (PII)
• Internal corporate documents
• Employee records
• Technical data and potentially source code

The group claims 1.7 million records were stolen. The number of affected individuals is not disclosed. 

CarGurus has not issued a formal public statement  The group set a deadline of February 20, 2026, for the company to negotiate, threatening to leak the data .

Update - as of 22nd of February 2026, Have I Been Pwned reports that 12.5 million CarGurus accounts were compromised in the incident.