Data of up to 200,000 Europcar customers exposed after attackers breached the company’s GitLab repositories. Software code was also stolen.
Attackers have gained access to the GitLab repositories of car rental company Europcar Mobility Group. There, they stole source code for the iOS and Android applications, along with customer data. It’s unclear how many customers’ data has been exposed, but the number could reach up to 200,000. The total haul amounted to 37 GB. The criminal attempted to extort the company.
Europcar Mobility Group is part of a group that also includes Goldcar and Ubeeqo. The stolen customer data is said to be primarily from the databases of these two brands. Europcar has confirmed the breach to BleepingComputer, which has learned that at least 50,000 customers have been affected.
Names and email addresses
The stolen data is reportedly not highly sensitive. It likely only includes names and email addresses, and no data from payment cards or driver’s licenses, for example. Europcar Mobility Group is currently in the process of notifying affected customers.
At this point, it’s still unclear how the criminals were able to gain access to the systems. The attackers claim to have stolen all source code for the Android and iOS apps, but this doesn’t appear to be entirely accurate. A small portion of the code remains uncompromised.
The hack is significant, both in terms of the stolen code and the impact on customers. These customers don’t need to immediately fear their bank accounts being plundered, but the leaked information is fodder for other criminals who want to set up targeted phishing campaigns. GitLab itself was recently affected by vulnerabilities, although the company promptly addressed them.