Automobile rental firm Europcar says it has not suffered a data breach and that shared buyer information is faux after a menace actor claimed to be promoting the private data of fifty million clients.
On Sunday, an individual claimed to be promoting the info for 48,606,700 Europcar.com clients on a well-liked hacking discussion board.
The put up included samples of the stolen information for 31 alleged Europcar clients, together with names, addresses, start dates, driver’s license numbers, and different info.
Supply: BleepingComputer
Nevertheless, after contacting Europcar final evening, BleepingComputer was advised that the breach was faux and that the info was fabricated utilizing synthetic intelligence.
“After being notified by a menace intel service that an account pretends to promote Europcar information on the darkish web and totally checking the info contained within the pattern, we are assured that this commercial is fake:
– the variety of data is totally incorrect & inconsistent with ours,
– the pattern information is probably going ChatGPT-generated (addresses do not exist, ZIP codes do not match, first identify and final identify do not match e-mail addresses, e-mail addresses use very uncommon TLDs),
– and most significantly: none of those e-mail addresses are current in our database.”
As Have I Been Pwned’s Troy Hunt explains, whereas a lot of the info is clearly faux, he doesn’t imagine it was created utilizing synthetic intelligence.
Hunt identified that the e-mail addresses don’t match the usernames. For instance, all usernames comprise both a primary or final identify, however none match the complete identify listed within the information.
The second indicator that the info is faux is that the addresses merely don’t exist. For instance, two of the listed buyer data use the non-existent cities of “Lake Alyssaberg, DC” and “West Paulburgh, PA.”
Supply: BleepingComputer
One other indicator is that the addresses and telephone numbers are for areas within the U.S., but most of the related emails are for different international locations.
Whereas Europcar advised BleepingComputer they imagine this information was created utilizing AI, Hunt factors out that among the e-mail addresses are actual, showing in earlier data breaches monitored by Have I Been Pwned.
As an alternative, Hunt believes the point out of synthetic intelligence is only a scorching take based mostly on the topic’s reputation and was not concerned in creating this information.
“We have had fabricated breaches since ceaselessly as a result of individuals need airtime or to make a reputation for themselves or possibly a fast buck,” explains Hunt.
“Who is aware of, it does not matter, as a result of none of that makes it “AI” and in search of out headlines or sending spam pitches on that foundation is simply plain dumb.”
As identified by security researcher NexusFuzzy, there are current initiatives that enable anybody to create information that appears virtually precisely like what was shared within the faux data breach samples.
Whereas menace actors already use synthetic intelligence as a part of their scams and assaults, and will doubtless increase its use sooner or later, this incident doesn’t seem like one in all them.
