• Cybercriminal advertises stolen archive on an underground forum
• It was confirmed to have come from car rental giant Europcar
• The company is now investigating and notifying the customers

Europcar has reportedly suffered a data breach in which it lost sensitive data on hundreds of thousands of customers.

A threat actor with the alias 'Europcar' posted a new thread in an underground forum, claiming to have “successfully breached Europcar’s systems and obtained all their GitLab repositories”.

As a result, the attacker took more than 9,000 SQL files from the repository, containing sensitive personal data, as well as at least 269 .ENV files, which are used to store configuration settings for apps, and more.

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Names and emails stolen

The company later confirmed the breach to BleepingComputer, saying it is assessing the damage and notifying affected individuals. It also said that it is not true that its entire repository was compromised - a small part of the source code was not stolen, apparently.

We don’t know exactly what kind of information the hacker stole, but initial reports mention names and email addresses of Goldcar and Ubeeqo users, generated between 2017 and 2020. Payment information was not exposed, however.

The publication also reported that the threat actor wanted to extort the company, but did not clarify if Europcar paid the ransom demand or not. It seems it didn’t.

The information is currently ongoing and it's not known exactly how the hackers compromised Europcar’s GitHub account. They could have stolen the credentials via phishing, infostealer malware, or with brute force. The first two options are more viable.

GitHub, being one of the world’s most popular open source code repositories, is a major target for cybercriminals.

Oftentimes, they would spoof popular repositories and infect them with infostealers, tricking developers into downloading the wrong package and compromising their infrastructure. Developers are urged to be careful, to always double-check repository names, to read through the reviews and the comments.

Via BleepingComputer

You might also like

• Europcar denies data breach affecting 50 million customers — says ChatGPT is to blame in creating fake data
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app