Just seen the following on the Register: https://www.theregister.com/2026/02/18/shinyhunter...

Anyone from PH towers able to comment whether:
1) this is true/has been validated
2) whether PH is effected?

CarGuru breach data is now searchable on https://haveibeenpwned.com/Breach/CarGurus (near the bottom for the search option)

For my domain, pistonheads emails don't appear to be in the data, just the CarGurus main site, but that' just from querying above site for my domain. Pistonheads should confirm.

Checked my details and it shows no breach of my PH data.

I cant see anything on have been pwned in relation to my phone email and this leak.. so possible that the UK operations of CarGuru's are not impacted, or ph is on separate systems.

I would also allow the CarGurus team a little time to work out what is what, and what may have been exposed or not- as working this out when dealing with a databreach, and figuring out what data systems actually has been exposed, versus hasn't etc, is not always straightforwards or clearcut..

So they may not know at this point, but that in itself does not mean it has been exposed.

Edited for SPAG etc

Thanks RP.

Fully appreciate these things do take time to investigate, and figure out exactly what has, and has not been exposed (or potentially at exposed).

As and when things progress, it would be good to know whether any PH data (or PH user data) is thought to have been at risk or not.

Fully appreciate this is not always easy to tell depending on the back end system architecture/mode of compromise etc, but be good to know one way or another.

I note that I (and I suspect others) have not had urgent messages to change user credentials etc

HAAK

Two recent emails to junk claiming to have hacked me via the car gurus data breach and asking for 2 grand in bitcoin.