Europcar hack: 200,000 user data allegedly leaked

Posted on 2025-04-07 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]The Europcar Mobility Group has suffered a suspected cyber attack. In this hack, the personal data of 200,000 customers was allegedly stolen. The data is being offered for sale on a hacker forum. The company is probably also being blackmailed.

Advertising

Data offered in underground forum

The information came to my attention on Friday, April 4, 2025. A hacker claims to have penetrated the GitLab repositories of car rental company Europcar Mobility Group.

Europcar Hack

He stole the source code for Android and iOS applications as well as some personal data from up to 200,000 customers, according to the person in question. He is now offering the data on an underground forum and has threatened to release 37 GB of sensitive data if the company does not pay. The information disclosed includes names and email addresses.

Problem: The SQL database dumps

When I read the information that someone had penetrated the GitLab repositories of the car rental company Europcar Mobility Group, my first question was "How could someone get hold of customer data?". I could imagine source codes for apps off the top of my head, but customer data?

The colleagues from Bleeping Computer have now compiled some details in this article. And there you can find the information that backups of SQL databases were probably stored in the GitLab repositories of the car rental company Europcar Mobility Group. The screenshot above shows that there were 9,000 SQL files in the GitLab repository. Several of these SQL files would have contained personal data. And these database backups were apparently not password protected either.

According to Bleeping Computer, the hacker posted screenshots of various file contents with (LDAP) login information as examples. While the post in an underground forum suggests a hack, there seems to be some truth to it. Bleeping Computer states that they have confirmation that the Europcar Mobility Group's GitLab repository has been compromised. The Europcar Mobility Group is currently assessing the extent of the damage.

Advertising

It is currently assumed that, in addition to the customer data, only part of the source code has been leaked. In terms of user data, only the names and email addresses of Goldcar and Ubeeqo users are included in the leak. Bleeping Computer writes that, based on online statistics, the number of affected customers is likely to be between 50,000 and 200,000, with some data dating back to 2017 and 2020.

More sensitive information, such as bank and card details or passwords, was not leaked publicly. The company is now in the process of notifying all affected customers and has informed the country's data protection authority.

Who is the Europcar Mobility Group?

Europcar Mobility Group is a subsidiary of Green Mobility Holding and operates the Europcar, Goldcar and Ubeeqo brands. These car rental companies offer a wide range of small cars, luxury vehicles, vans and trucks for hire. The group has an international presence and customers can be found in over 140 countries in Europe, North America, Asia and Africa.

Advertising
This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).