Public breachBreachXposedOrNot· 1 Feb 2026

CarGurus

Domain: cargurus.com

What happened

CarGurus, an automotive marketplace, was targeted in February 2026 by the threat actor ShinyHunters, with data later published publicly exposing over 12M email addresses along with user account IDs, names, phone numbers, physical and IP addresses, and auto finance application outcomes.

Breach facts

Records exposed: 12,510,981
Sensitive: No
Industry: Retail
Data exposed: Email addressesNamesPhone numbersPhysical addressesIP addresses

Check my email →← All breaches

This page summarises publicly reported breach metadata for awareness. For account recovery or incident response, use the official guidance from the affected service.

Breach data provided by XposedOrNot.