ShellCodeX Breach Report
Edmunds Data Breach
edmunds.com
Verified breach
Passwords exposed
Accounts exposed
177,860
Breach date
24 Jan 2026
Added to tracker
01 Jun 2026
Data classes
6
What happened
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone numbers and vehicle-related records.
Exposed data
Device information
Email addresses
IP addresses
Passwords
Phone numbers
Usernames
Recommended actions
- Change your Edmunds password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Edmunds โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP