CarGurus data breach exposes information of 12.4 million accounts

CarGurus Data Breach: 124 Million Users Shat On Via Some Other Fucker’s Cloud Database

Oh brilliant. Just what we fucking needed. CarGurus, that digital cesspool where mouth-breathers go to haggle over rusted death traps, has announced they’ve shit the bed on a spectacular scale. One hundred and twenty-four million user accounts are now floating around the dark web because some cloud database – and here’s the kicker, it wasn’t even THEIR fucking database – had all the security of a wet paper bag.

The bastards spotted the breach on May 16th, after it started on the 14th. They finally slapped a band-aid on it by May 21st. Then they sat on their fucking hands for SEVEN MONTHS before telling anyone. You know, classic “responsible disclosure” – wait until the stock options vest and hope the lawyers can find a loophole marked “it’s the contractor’s fault, lol.”

What did the scumbags make off with? Names, email addresses, phone numbers, IP addresses, and – my personal favorite – VIN numbers and purchase offers. So now some Ukrainian teenager knows exactly what shitbox you drive, where you live online, and how much you lowballed someone for a 2007 Honda Civic. But don’t panic! They didn’t get passwords or Social Security numbers, so CarGurus gets to act like they’ve achieved the bare minimum of not being completely fucking useless.

The cherry on this shit sundae? It came from a “non-CarGurus business partner.” That’s corporate-speak for “we outsourced our security to the cheapest bidder on Upwork and are now shocked – SHOCKED – that it exploded in our entitled faces.” But sure, let’s keep trusting the cloud. The cloud is just someone else’s computer, and in this case, it’s someone else’s computer being administered by a fucking intern.

Their stellar advice to users? “Monitor for phishing emails.” Yeah, because these mouth-breathers weren’t already drowning in enough scam attempts. No need to change passwords though, so I suppose we should be grateful for these minuscule fucking mercies in the ongoing clown show that passes for cybersecurity these days.

https://www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/

Some simpering fuckwit called me this morning, wailing about how their “privacy had been violated.” I told them their privacy was violated the moment they gave their real email to a free fucking website instead of a burner account like God intended. They asked what they should do now. I suggested they write a strongly-worded letter to their congressman, print it out, and then use it as kindling for the bonfire of their digital life decisions. They hung up.