iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Following a hacker’s claims that it had stolen the data of 50 million customers, car rental company Europcar has said that the data breach and alleged stolen data are fake.
As originally reported by BleepingComputer, a threat actor who goes by the name of “lean” on BreachForums made a post claiming to have the data of 48,606,700 users.
Data included “full subdomains, administrator panels and (username, password, full name, address, city, zip, city of birth, city of issuance, passport number, expiration date, driver’s license number, DNi email, number, bank)”.
The threat actor also posted samples of the data belonging to 31 customers as verification of the data’s authenticity.
However, responding to an inquiry from BleepingComputer, Europcar said the breach was fake and that the threat actor had created falsified records using artificial intelligence (AI).
“After being notified by a threat intel service that an account pretends to sell Europcar data on the dark net and thoroughly checking the data contained in the sample, we are confident that this advertisement is false,” said Europcar.
The car rental company said that the number of records listed is different to what Europcar has and that many of the email addresses and other details don’t exist, leading it to believe they are AI-generated.
It also said that none of the listed email addresses are in its database.
Troy Hunt of HaveIBeenPwned agrees that the hacker’s data is flawed and inconsistent with Europcar’s records.
Firstly on the legitimacy of the data, a bunch of things don't add up. The most obvious one is that the email addresses and usernames bear no resemblance to the corresponding people names. For example: pic.twitter.com/BKhWEIgFNu
— Troy Hunt (@troyhunt) January 31, 2024
However, Hunt said there is nothing to indicate that it was created using AI, adding that some of the emails are real and have been witnessed in other data breaches.
“We’ve had fabricated breaches since forever because people want airtime or to make a name for themselves or maybe a quick buck,” explained Hunt.
“Who knows, it doesn’t matter, because none of that makes it ‘AI’ and seeking out headlines or sending spam pitches on that basis is just plain dumb.”
Be the first to hear the latest developments in the cyber industry.
