Data of 146K users leaked as hackers claim Edmunds breach


Edmunds, a major American car shopping platform, has allegedly been breached by the infamous ShinyHunters cybergang. User data, including account passwords, is supposedly impacted by the attack.

Edmunds data was posted on a popular data leak forum that attackers use to exchange stolen details. According to the post’s author, the company suffered a data breach sometime in January 2026.

Edmunds is a popular car-shopping platform with hundreds of thousands of users. The platform is owned by the used-vehicle retailing behemoth CarMax.


We have reached out to Edmunds and will update the article once we receive a reply.

Attackers announcing the alleged Edmunds data breach. Image by Cybernews.

Meanwhile, the Cybernews research team looked into the data sample that the attackers attached to the data leak forum post. According to the team, the leaked data appears to be legitimate.

The data sample aligns with attackers' claims and includes a file containing a list of unique emails, totaling 186k records.

Other leaked Edmunds data includes:

  • Usernames
  • Email addresses
  • Passwords
  • Vehicle reports from 2018 to 2022

Sample of the allegedly leaked data. Image by Cybernews.

Researchers noted that some password records indicate they were encrypted using base64 hashes. Security researchers have been advising against using this hash for protecting sensitive data for years.


However, other passwords were not hashed. The team also noted some duplicates in the dataset, which means that the number of users who had their passwords revealed could be fewer than the 146K mentioned in the attackers’ post.
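For teams checking their own credential store for the two problems described above, here is an added Python example (not code from Cybernews or Edmunds). It labels each stored password value as a salted KDF hash, a base64 encoding (which decodes straight back to the password without any key) or plaintext, then counts distinct affected accounts after collapsing duplicate rows. The sample rows, the function names and the `$scrypt$salt$digest` layout are assumptions of this example, and the classification is heuristic.

```python
import base64, binascii, hashlib, hmac, os, re
from collections import Counter

# Prefixes of salted password-hash formats (bcrypt, Argon2, scrypt, PBKDF2).
KDF_PREFIX = re.compile(r"^\$(2[aby]|argon2(id|i|d)|scrypt|pbkdf2[-\w]*)\$")

def classify(stored: str) -> str:
    """Heuristically label how a stored password value is protected."""
    if KDF_PREFIX.match(stored):
        return "kdf"
    try:
        text = base64.b64decode(stored, validate=True).decode("utf-8")
        if text and text.isprintable():
            return "base64"  # decodes straight back to readable text
    except (binascii.Error, UnicodeDecodeError):
        pass
    return "plaintext"

def audit(rows):
    """Count storage classes and distinct accounts with a recoverable password."""
    classes, exposed = Counter(), set()
    for email, stored in rows:
        label = classify(stored)
        classes[label] += 1
        if label != "kdf":
            exposed.add(email.strip().lower())  # duplicate rows collapse to one account
    return classes, len(exposed)

def hash_password(password: str) -> str:
    """Salted scrypt hash; the '$scrypt$salt$digest' layout is this example's own."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return "$scrypt$" + base64.b64encode(salt).decode() + "$" + base64.b64encode(digest).decode()

def verify_password(password: str, stored: str) -> bool:
    """Recompute the scrypt digest with the stored salt and compare in constant time."""
    _, _, salt_b64, digest_b64 = stored.split("$")
    digest = hashlib.scrypt(password.encode(), salt=base64.b64decode(salt_b64),
                            n=2**14, r=8, p=1)
    return hmac.compare_digest(digest, base64.b64decode(digest_b64))

# Constructed sample rows (not taken from any real dataset).
SAMPLE = [
    ("alice@example.com", base64.b64encode(b"Winter2024!").decode()),
    ("Alice@example.com", base64.b64encode(b"Winter2024!").decode()),  # duplicate row
    ("bob@example.com", "hunter2!"),
    ("carol@example.com", hash_password("correct horse")),
]
```

Running `audit(SAMPLE)` reports four rows but only two distinct accounts with a recoverable password, which is the same reason the affected-user count can be lower than the row count.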

Malicious actors could use the stolen details for various purposes, the most obvious being account takeover. Attackers could utilize exposed credentials to access exposed Edmunds accounts and obtain additional information about the site's users.


Armed with additional information about exposed users, attackers could attempt credential stuffing on other online services. Since many users reuse passwords, exposing one set of credentials can open up far more services than users would like to admit.

Finally, attackers could utilize the data for social engineering attacks, impersonating exposed users.

ShinyHunters is among the most aggressive cybergangs currently operating. The cybercrime collective was previously linked to multiple high-profile breaches and large-scale data theft campaigns, including last year’s Salesforce CRM data heist.

The cyberattack on Salesforce enabled numerous large-scale data thefts across hundreds of organizations, including big names ranging from Jaguar Land Rover, Gucci, and Chanel to Cisco Systems and Google.

