ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Edmunds Data Breach

edmunds.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 177,860
Breach date 24 Jan 2026
Added to tracker 01 Jun 2026
Data classes 6

What happened

In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone numbers and vehicle-related records.

Exposed data

Device information Email addresses IP addresses Passwords Phone numbers Usernames

Recommended actions

  • Change your Edmunds password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Edmunds โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP