On Sunday, a person in a widely known hacking discussion board marketed what they claimed was a cache of stolen knowledge from the rental automotive large Europcar. The person claimed to have stolen the non-public data of greater than 48 million Europcar prospects, and mentioned they had been “listening to offers” to promote the hacked knowledge.
Besides, the information seems to be utterly made up — maybe created with ChatGPT, in line with Europcar.
Europcar spokesperson Vincent Vevaud instructed TechCrunch that the corporate investigated the alleged breach after a menace intelligence service alerted it to the discussion board commercial.
“Thoroughly checking the data contained in the sample, we are confident that this advertisement is false,” Vevaud mentioned in an electronic mail, including:
– The variety of information is totally unsuitable & inconsistent with ours,
– The pattern knowledge is probably going ChatGPT-generated (addresses don’t exist, ZIP codes don’t match, first title and final title don’t match electronic mail addresses, electronic mail addresses use very uncommon TLDs),
– And most significantly, none of those electronic mail addresses are current in our buyer database.
The hacking discussion board person instructed TechCrunch in an internet chat that “the data is real,” with out supporting that assertion with any proof.
Within the discussion board put up, the person claimed the information included usernames, passwords, full names, dwelling addresses, ZIP codes, start dates, passport numbers and driver license numbers, amongst different knowledge.
The pattern of knowledge posted on-line, nevertheless, doesn’t seem like authentic, not solely in line with Europcar, but additionally in line with Troy Hunt, who runs the information breach notification service Have I Been Pwned, in addition to a TechCrunch evaluation of the information.
“Firstly on the legitimacy of the data, a bunch of things don’t add up. The most obvious one is that the email addresses and usernames bear no resemblance to the corresponding people names,” Hunt wrote on X (beforehand Twitter.)
Hunt additionally added that lots of the alleged dwelling addresses are pretend and “just don’t exist.”
The discussion board person didn’t reply when requested to elucidate Hunt’s observations.
On the identical time, Hunt can be skeptical that the information was created with ChatGPT.
“We’ve had fabricated breaches since forever because people want airtime or to make a name for themselves or maybe a quick buck. Who knows, it doesn’t matter, because none of that makes it ‘AI,’” Hunt wrote.
Europcar’s Vevaud didn’t instantly reply to questions on how the corporate decided the information was generated with ChatGPT.
When TechCrunch requested ChatGPT to create “a dataset of fake stolen personal data,” the chat bot responded that it couldn’t help “in creating or promoting any illegal or unethical activities.”
Whereas it’s almost inconceivable to confidently set up that the pretend knowledge was created with ChatGPT or the same text-generating AI platform, it’s possible that in the future hackers will use these instruments to create massive datasets of pretend knowledge.
