Europcar has reportedly suffered a massive data breach affecting as many as 200,000 customers.
The car rental firm has confirmed the hack to BleepingComputer, adding that it’s assessing the damage and notifying affected individuals.
The statement follows a post in an underground forum from a hacker claiming to have obtained all the firm’s GitLab repositories, accessing more than 9,000 SQL files with backups that contain personal data.
Similarly, the threat actor claimed to have gained access to at least 269 .ENV files used to store configuration settings for applications, environment variables, and sensitive information.
The hackers in question have threatened to publish 37GB of data, including backups and details about the company’s cloud infrastructure and internal applications.
Europcar has denied that the full repositories were stolen, however. Exposed data included only the names and email addresses of Goldcar and Ubeeqo users, with bank and card details and passwords not exposed.
Source of Europcar data breach still unknown
It’s not known how the hackers were able to compromise Europcar’s GitLab account.
However, Martin Reynolds, field CTO at security firm Harness, said one of the most common ways cybercriminals compromise systems such as these is to spoof a popular code repository infected with an infostealer malware, then trick developers into downloading it.
To protect themselves from these threats, Reynolds advised organizations to make sure their repositories are protected by minimal token permissions, so only users who should have access can perform actions such as editing or downloading new code.
They should also automate scans at the moment developers add to source code repositories, so that company data won’t be exposed in the event of a breach.
“This should be combined with DevSecOps best practices such as automated governance and security checks to scan new code for malicious code – like infostealer malware – before it is introduced,” he said.
“These approaches make it more difficult for spoofed code repositories to make it through to live environments where they can be used to gain access to other systems.
“By embedding these types of controls early in the software lifecycle, security stays a priority, not an afterthought, and ensures that company secrets are kept under lock and key.”
This attack has been confirmed – unlike an alleged intrusion last year, in which a hacker forum member claimed to have accessed the personal information of nearly 50 million customers. Europcar denied the claims.
