27.01.2026
2 min
346
In January 2026, the ShinyHunters hacking group claims it was able to gain access to the automobile shopping website Edmunds. Edmunds is an online automotive retail site owned by CarMax, and serves over 100,000 customers nationwide. Cybernews analysts have confirmed the legitimacy of the exposed data sample included with the hacker’s post, stating that the data sample includes usernames, email addresses, and vehicle history reports (dating back to 2018) and vehicle purchase history (dating back to 2019).
However, according to Cybernews analysts, many of the passwords are not hashed securely, but instead are simply base-64 encoded; also, there are multiple instances of duplicate emails and usernames within the sample indicating that the number of victims may be lower than reported by the hackers (146,000).
Cybercrime researchers believe the ShinyHunters hacking group has been responsible for at least 7 major data breaches in recent years, including the breach of the Salesforce CRM system in 2025.
Those breached included Jaguar Land Rover, Gucci, Chanel, Cisco, Google, and numerous others.
The risk of exploitation by these hackers include:
Account Takeover/credential stuffing
Social Engineering Attacks
Long Term Risks to Users due to poor password storage practices.
Data breaches are dangerous enough without weak password storage practices that increase the likelihood of exposure, and therefore, risk of loss of identity and financial security.
