A database of 1.4 million users, claimed to belong to Autotrader, a US-based online marketplace for car buyers and sellers, has been leaked on the dark web. In a post on a hacker forum, IntelBroker claimed to have information such as id, brand, model, email, name, address, etc., belonging to the company. IntelBroker has earlier been linked to the Endurance ransomware gang.
In the post, the hacker claimed that they stole system data from the online car trading company headquartered in Atlanta, Georgia, United States. The cybercrime, according to the post, took place in January 2023 when the cybercriminals exfiltrated the data of 1.4 million users.
Autotrader refutes the hacker’s claims
Meanwhile, Autotrader has notified The Cyber Express that “data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods.”
“At this time, we have no evidence of improper access to our systems or data. Moreover, none of the data referenced relates to consumer vehicle listings or related data,” it added.
Series of attacks by IntelBroker
On January 6, 2023, IntelBroker uploaded the stolen data for potential buyers to download. The upload contains data related to car models, type, VIN, mileage, site link, etc.
The Endurance ransomware gang recently put up for sale data stolen from the Swedish vehicle manufacturer Volvo Cars. The gang priced the vehicle data at $2,500, to be paid in the XMR cryptocurrency.
This is likely the gang’s second automobile victim.
The US federal government has been tracking the fraudulent activities of IntelBroker, which acts as a vendor selling stolen data on the dark web. IntelBroker put up for sale data from the Selix marketplace, which is eCommerce software. Their other victims include TheBodyShop Indonesia and Dr. Martens, which are small businesses in the retail sector.
Screenshot of the leak site post of Dr Martens (Source: Secplicity)
This cybercriminal tends to make individual posts about data on sale. The earlier advertisement for the Dr Martens data listed it for sale at $3000. The group claimed to have exfiltrated source code, allure reports, backend configuration, etc. As per reports, the hacker put the data on sale after the company declined their ransom demand.
Screenshot of the selling of TheBodyShop Indonesia data (Source: Secplicity)
Earlier in November, the group targeted TheBodyShop Indonesia and demanded a ransom of $5500 for the encryption of the data. However, when the demand was not met, the hacker reduced the amount to $1000 in Monero cryptocurrency for buyers on the dark web.
That’s an old car inventory list (not users) from some day in 2019/2020. Dealer email addresses are relatively in the public domain so… buy, buy, buy!