Europcar’s Alleged Data Breach Wasn’t Done Using AI, Experts Argue


  • Europcar denies data breach affecting 50 million, claiming leaked data is AI-generated due to inconsistencies.
  • Experts like Troy Hunt disagree, suggesting simpler data fabrication tools were used instead of AI.
  • Regardless of origin, verifying leaked data authenticity and prioritizing data security has become crucial.

French car rental company Europcar made headlines earlier this week following reports of an alleged data breach affecting nearly 50 million customers. 

Cyber security platform HackManac reported the incident on January 30th, noting that the stolen database containing usernames, passwords, full names, addresses, and several other user-identifying information had been listed for sale on a hacking forum.

Europcar Denies Data Breach

As the news started making rounds, Europcar issued a statement refuting that the data breach ever occurred. A spokesperson for the company claimed that stolen data were generated using AI, as the records contained in the stolen database were inconsistent with theirs. 

“The number of records is completely wrong & and inconsistent with ours. The sample data is likely ChatGPT-generated (addresses don’t exist, ZIP codes don’t match, first name and last name don’t match email addresses, email addresses use very unusual TLDs),” the spokesperson said. 

The popular opinion regarding the incident has been that AI is the enabler of fakery, with Europcar and some experts stating that “the use of AI in cyberattacks is becoming more commonplace – we, as defenders, should expect more AI-powered cyber-attacks in the near future.” 

Experts Argue the Data Wasn’t Fabricated Using AI

However, some other experts disagree that the alleged data breach was perpetrated using AI.

The creator of the Have I Been Pwned platform, Tron Hunt, posted an X thread on January 31st, noting that while the legitimacy of the data doesn’t add up and may have been fabricated, it wasn’t generated using AI. 

“13 years ago now I wrote about generated dummy data for testing purposes. THIS WASN’T “AI”!!! Just a big old DB of passable looking values, that is all,” Hunt wrote. “And many of the email addresses weren’t generated at all so that *definitely* wasn’t AI. I don’t know why they sat in there next to dummy data, but I know it wasn’t the outcome of some super-sophisticated LLM.”

Hunt argues that the perpetrators may have used data generators other than AI to fabricate the database posed as Europcar’s. He quoted another analytic platform, KasadalQ, which suggested that “Python Faker” may have been used to generate the data. 

“We can very verify this data, provided in the screenshots, was not created by AI with about 5 minutes of effort,” KasadalQ noted

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Ibiam Wayas

Ibiam is an optimistic crypto journalist. Five years from now, he sees himself establishing a unique crypto media outlet that will breach the gap between the crypto world and the general public. He loves to associate with like-minded individuals and collaborate with them on similar projects. He spends much of his time honing his writing and critical thinking skills.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Steve Cohen
Subscribe to CryptoPolitan