Personal addresses, phone numbers, and vehicle identification numbers (VINs) leaked on private messaging channels.
A massive cache of sensitive personal data belonging to approximately 50 million car owners across the United States has been discovered online. The leak, detected in mid-November 2025, exposes detailed profiles of drivers, connecting their physical locations to the specific vehicles they drive.
According to investigation logs from Cyber Intelligence House, the breach was indexed on November 16, 2025, and is currently being circulated on a private Telegram channel known as “Databases.”
What Was Found?
The leak is substantial, consisting of 50 separate files with a total size of 6.4 GB. Unlike some breaches that only contain email addresses, this dataset is physically intrusive. It links specific individuals to their home addresses and the detailed specifications of their vehicles.
The compromised data fields include:
- Full Legal Names (First and Last)
- Physical Home Addresses (Street, City, State, Zip Code)
- Mobile Phone Numbers
- Gender
- Vehicle Information: Year, Make, Model, and Trim (e.g., “2011 Buick Lucerne” or “2008 BMW 3 Series”)
- VINs (Vehicle Identification Numbers): A critical 17-character unique code used to identify vehicles.
Inside the Files: A Look at the Data
Note: The following examples have been anonymized to protect the victims found in the source files, but they represent the exact structure of the leaked data.
The data appears to cover owners of almost every major automotive brand, including Ford, Honda, Chevrolet, BMW, Kia, and Cadillac. The formatting suggests this data may have come from a marketing aggregator, a dealership network, or an insurance database, rather than a single car manufacturer.
Sample Entry 1 (Sedan Owner):
Name: [Redacted] Smith Location: McKinney, Texas Vehicle: 2002 Honda Accord (4-Door Sedan) VIN: JHMCG56752C****** Phone: 214-733-****
Sample Entry 2 (Luxury SUV Owner):
Name: [Redacted] Loewe Location: Battle Creek, Michigan Vehicle: 2008 BMW 3 Series VIN: WBAWR33548P****** Phone: 818-737-****
Sample Entry 3 (Truck Owner):
Name: [Redacted] Franklin Location: Jefferson City, Tennessee Vehicle: 2005 GMC Sierra 1500 VIN: 1GTEK19Z95Z****** Phone: 865-397-****
The Risks for Car Owners
The combination of these specific data points creates unique security risks for the victims:
- VIN Cloning: With a valid VIN linked to a specific make and model (e.g., a white Ford F150), criminals can create counterfeit VIN plates for stolen cars of the same make, “cloning” the identity of the legitimate vehicle.
- Targeted Theft: Thieves looking for specific high-value parts or models (like the catalytic converters on a Toyota Prius or Honda Element) now have a searchable map of where these cars are parked at night.
- Phishing and Smishing: With full names, phone numbers, and knowledge of the victim’s car, scammers can easily impersonate car warranty services or insurance agents to extract financial data.
Where is the Data Now?
As of the time of discovery, the files remain accessible on the “Databases” Telegram channel. Security researchers indicate that once data reaches these channels, it is often widely mirrored and sold on the Dark Web, making containment difficult.
