Europcar denies data breach affecting 50 million customers – says ChatGPT responsible for creating fake data
Europcar has said a data breach affecting millions of its customers is fake.
It was discovered that a threat actor was selling a database on a well-known underground forum that they claimed contained the data of almost 50 million customers of the car rental company. In the example they shared, apparent names, addresses, license numbers and banking details are among the information.
However, after BleepingComputer contacted Europcar, the company claimed the breach was not real, adding that the data was likely falsified using AI tools such as ChatGPT.
AI generated?
Europcar says it came to this suspicion because “addresses do not exist, zip codes do not match, first name and last name do not match email addresses, email addresses use very unusual TLDs.”
Additionally, the company also stated that “none of these email addresses exist in our database.”
There are differences between usernames and email addresses, and some addresses are made up, such as “Lake Alyssaberg, DC” and “West Paulburgh, PA.” Additionally, addresses and phone numbers refer to US regions, while many of the associated email addresses are foreign.
HaveIBeenPwned creator Troy Hunt agreed with , unrelated data breaches monitored by the site.
He also said that “we have been dealing with fabricated breaches since time immemorial,” and not just since the AI boom we are experiencing now. There are also several services that can easily create fake datasets that look convincing at first glance, including creating XML documents and anonymizing data.