Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: automotive (2 articles)Clear

Automotive marketplace Edmunds added to Have I Been Pwned with 177,860 breached accounts; expect car-buying-themed phishing

Have I Been Pwned has added the US automotive marketplace Edmunds to its breach corpus with 177,860 unique email addresses. Edmunds is a widely used car-research and shopping platform offering pricing, reviews, and dealer listings. As is typical for HIBP additions, the underlying breach source and disclosure details are not published alongside the entry, but the listing lets individuals and organizations check whether their accounts appear in the leaked dataset. Affected users should anticipate car-buying-themed phishing such as financing offers, dealer-contact lures, or vehicle-quote follow-ups, and should rotate any reused passwords. The addition continues a steady run of mid-size US consumer-platform breaches surfacing in HIBP.

Check
Check whether your @company emails appear in HIBP's Edmunds corpus. Warn affected staff about car-buying-themed phishing (financing offers, dealer contacts) over the next 30-60 days.
Affected
177,860 unique email addresses tied to Edmunds accounts. Reused passwords are the primary downstream risk; expect automotive-themed phishing and credential-stuffing against other services.
Fix
Affected individuals: rotate Edmunds passwords and any reused elsewhere, enable MFA. Organizations: add Edmunds to breach-monitoring watchlists and brief staff on car-shopping-themed social engineering.

Skoda Auto's German online shop breached via e-commerce software flaw - customer names, addresses, phones, and password hashes exposed; server logs cannot confirm full exfiltration

Skoda Auto, the Volkswagen Group's Czech-built carmaker with 34,000 employees and 27 billion euros in annual sales, disclosed that attackers exploited a flaw in its German online shop software to access customer data. The breach hit shop.skoda-auto.de, not Skoda's global systems or the Skoda Connect portal. Exposed information includes names, addresses, email addresses, phone numbers, order history, account data, and password hashes. Payment card details were not stored on the affected system. Skoda took the shop offline, patched the flaw, and engaged external forensics, but admitted its server logs cannot retrospectively confirm exactly what data was copied out during the intrusion window.

Check
Check the email account used for any past Skoda online shop orders, search your password manager for credentials reused across Skoda and other services, and watch for German-language phishing referencing real order numbers.
Affected
Customers who created an account or placed an order on shop.skoda-auto.de (Skoda Auto Germany's online store). The Skoda Connect Portal and Skoda's global systems are not affected per the company.
Fix
Change the Skoda online shop password and any other service using the same credentials, and enable MFA where available. Do not click links in emails or texts about Skoda orders; verify directly through the shop website.