← All articles

Automotive marketplace Edmunds added to Have I Been Pwned with 177,860 breached accounts; expect car-buying-themed phishing

Have I Been Pwned has added the US automotive marketplace Edmunds to its breach corpus with 177,860 unique email addresses. Edmunds is a widely used car-research and shopping platform offering pricing, reviews, and dealer listings. As is typical for HIBP additions, the underlying breach source and disclosure details are not published alongside the entry, but the listing lets individuals and organizations check whether their accounts appear in the leaked dataset. Affected users should anticipate car-buying-themed phishing such as financing offers, dealer-contact lures, or vehicle-quote follow-ups, and should rotate any reused passwords. The addition continues a steady run of mid-size US consumer-platform breaches surfacing in HIBP.

Check
Check whether your @company emails appear in HIBP's Edmunds corpus. Warn affected staff about car-buying-themed phishing (financing offers, dealer contacts) over the next 30-60 days.
Affected
177,860 unique email addresses tied to Edmunds accounts. Reused passwords are the primary downstream risk; expect automotive-themed phishing and credential-stuffing against other services.
Fix
Affected individuals: rotate Edmunds passwords and any reused elsewhere, enable MFA. Organizations: add Edmunds to breach-monitoring watchlists and brief staff on car-shopping-themed social engineering.