Car rental firm Europcar says it has not suffered a knowledge breach and that shared buyer information is faux after a risk actor claimed to be promoting the private info of fifty million clients.
On Sunday, an individual claimed to be promoting the information for 48,606,700 Europcar.com clients on a preferred hacking discussion board.
The publish included samples of the stolen information for 31 alleged Europcar clients, together with names, addresses, beginning dates, driver’s license numbers, and different info.
Source: BleepingComputer
However, after contacting Europcar final evening, BleepingComputer was instructed that the breach was faux and that the information was fabricated utilizing synthetic intelligence.
“After being notified by a risk intel service that an account pretends to promote Europcar information on the darkish internet and totally checking the information contained within the pattern, we’re assured that this commercial is fake:
– the variety of data is totally mistaken & inconsistent with ours,
– the pattern information is probably going ChatGPT-generated (addresses do not exist, ZIP codes do not match, first title and final title do not match electronic mail addresses, electronic mail addresses use very uncommon TLDs),
– and most significantly: none of those electronic mail addresses are current in our database.”
As Have I Been Pwned’s Troy Hunt explains, whereas a lot of the information is clearly faux, he doesn’t consider it was created utilizing synthetic intelligence.
Hunt identified that the e-mail addresses don’t match the usernames. For instance, all usernames comprise both a primary or final title, however none match the total title listed within the information.
The second indicator that the information is faux is that the addresses merely don’t exist. For instance, two of the listed buyer data use the non-existent cities of “Lake Alyssaberg, DC” and “West Paulburgh, PA.”
Source: BleepingComputer
Another indicator is that the addresses and telephone numbers are for areas within the US, but lots of the related emails are for different nations.
While Europcar instructed BleepingComputer they consider this information was created utilizing AI, Hunt factors out that a few of the electronic mail addresses are actual, showing in earlier information breaches monitored by Have I Been Pwned.
Instead, Hunt believes the point out of synthetic intelligence is only a sizzling take based mostly on the topic’s recognition and was not concerned in creating this information.
“We’ve fabricated breaches since endlessly as a result of folks need airtime or to make a reputation for themselves or possibly a fast buck,” explains Hunt.
“Who is aware of, it would not matter, as a result of none of that makes it “AI” and searching for out headlines or sending spam pitches on that foundation is simply plain dumb.”
As identified by safety researchers NexusFuzzythere are current tasks that permit anybody to create information that appears nearly precisely like what was shared within the faux information breach samples.
While risk actors already use synthetic intelligence as a part of their scams and assaults, and can possible increase its use sooner or later, this incident doesn’t look like one in every of them.