London: Hackers have likely used ChatGPT to promote a fake data breach where they claimed a cache of stolen data from the rental car giant Europcar.
The hackers claimed to have stolen the personal information of more than 48 million Europcar customers. They also threatened to sell the hacked data.
However, Europcar has now revealed the whole data breach saga was created using ChatGPT.
A Europcar spokesperson told TechCrunch that the company investigated the alleged breach after a threat intelligence service alerted it to the forum advertisement.
“Thoroughly checking the data contained in the sample, we are confident that this advertisement is false,” the company spokesperson said.
“The sample data is likely ChatGPT-generated (addresses don’t exist, ZIP codes don’t match, first name and last name don’t match email addresses, email addresses use very unusual TLDs),” the company informed.
The hacking forum user, however, said “the data is real”.
In the forum post, the user claimed the data included usernames, passwords, full names, home addresses, ZIP codes, birth dates, passport numbers and driver license numbers, among other data.
Troy Hunt, who runs the data breach notification service Have I Been Pwned, posted on X that on the legitimacy of the data, “a bunch of things don’t add up”.
“The most obvious one is that the email addresses and usernames bear no resemblance to the corresponding people’s names,” he posted.
“Next, each of those usernames is then the alias of the email address. What are the chances that ‘every single username’ aligns with the email address? Low, very low,” Hunt wrote.
However, this doesn’t make the email addresses fake and, quite the contrary, “a bunch of them are real and it’s easy to check”.