A threat actor has allegedly infiltrated the GitLab repositories of the international car rental company Europcar Mobility Group.
Reports revealed that the attackers stole source code for Android and iOS apps and some personal data from at least 200,000 customers. Moreover, the hackers reportedly attempted to extort the organisation by threatening to expose 37GB of the allegedly stolen information, which purportedly included backups and details about the firm’s cloud infrastructure and internal applications.
Europcar is a car rental company that offers various types of vehicles.
Europcar Mobility Group is a subsidiary of Green Mobility Holding that offers various compact cars, luxury vehicles, vans, and trucks. The company’s extensive customer base includes people in about 140 countries on multiple continents.
In late March, a threat actor using the company’s identity as an alias revealed that they had successfully infiltrated Europcar’s systems and accessed all of its GitLab repositories.
They claimed to have copied over 9000 SQL files from the repository, with backups containing personal information, and at least 269 .ENV files, which store app configuration settings, environment variables, and sensitive information.
The threat actor, which claimed responsibility for the attack on Europcar, posted screenshots of credentials found in the source code they allegedly stole to prove the legitimacy of the breach.
A source stated that the obtained data is confirmed, and the affected company is currently assessing the degree of the risk. Still, reports insisted that the threat actor’s claim that they took all of the company’s GitLab repositories is incorrect.
While the entire threat is still being assessed, the stolen data only contains the names and email addresses of Goldcar and Ubeeqo subscribers. According to online stats, the number of affected clients might range from 50,000 to 200,000, with some records dating back at least to the 2017 to 2020 period.
Sensitive details, such as bank and credit card numbers or passwords, have not been compromised yet. Furthermore, the company is notifying all affected consumers and has contacted the country’s data protection regulator.
For now, it is unknown how the threat actor gained access to the firm’s code repositories, but many previous breaches have been fueled by credentials obtained through infostealer attacks.
