On Sunday, a person in a well known hacking discussion board marketed what they claimed was a cache of stolen information from the rental automobile big Europcar. The person claimed to have stolen the private info of greater than 48 million Europcar clients, and mentioned they had been “listening to gives” to promote the hacked information.
Besides, the information seems to be fully made up — maybe created with ChatGPT, in accordance with Europcar.
Europcar spokesperson Vincent Vevaud instructed information.killnetswitch that the corporate investigated the alleged breach after a menace intelligence service alerted it to the discussion board commercial.
“Completely checking the information contained within the pattern, we’re assured that this commercial is fake,” Vevaud mentioned in an e-mail, including:
– The variety of data is totally incorrect & inconsistent with ours,
– The pattern information is probably going ChatGPT-generated (addresses don’t exist, ZIP codes don’t match, first identify and final identify don’t match e-mail addresses, e-mail addresses use very uncommon TLDs),
– And most significantly, none of those e-mail addresses are current in our buyer database.
The hacking discussion board person instructed information.killnetswitch in an internet chat that “the information is actual,” with out supporting that assertion with any proof.
Within the discussion board put up, the person claimed the information included usernames, passwords, full names, house addresses, zip codes, delivery dates, passport numbers, and driver license numbers, amongst different information.
The pattern of knowledge posted on-line, nevertheless, doesn’t seem like authentic, not solely in accordance with Europcar, but additionally in accordance with Troy Hunt, who runs the data breach notification service Have I Been Pwned, in addition to a information.killnetswitch evaluation of the information.
“Firstly on the legitimacy of the information, a bunch of issues don’t add up. The obvious one is that the e-mail addresses and usernames bear no resemblance to the corresponding individuals names,” Hunt wrote on X (beforehand Twitter.)
Hunt additionally added that lots of the alleged house addresses are pretend and “simply don’t exist.”
On the identical time, Hunt can be skeptical that the information was created with ChatGPT.
“We’ve had fabricated breaches since ceaselessly as a result of individuals need airtime or to make a reputation for themselves or possibly a fast buck. Who is aware of, it doesn’t matter, as a result of none of that makes it ‘AI,’” Hunt wrote.
Europcar’s Vevaud didn’t instantly reply to questions on how the corporate decided the information was generated with ChatGPT.
When information.killnetswitch requested ChatGPT to create “a dataset of faux stolen private information,” the chat bot responded that it couldn’t help in “in creating or selling any unlawful or unethical actions.”
Whereas it’s practically inconceivable to confidently set up that the pretend information was created with ChatGPT or an analogous text-generating AI platform, it’s possible that at some point hackers will use these instruments to create giant datasets of faux information.
