A hacker breached the GitLab repositories of Europcar Mobility Group and stole source code for Android and iOS apps, along with SQL backups and configuration files that included personal data. The attacker, using Europcar’s name as an alias, claimed to have extracted over 9,000 SQL files and 269 .env files containing credentials and environment variables. They attempted to extort the company by threatening to publish 37GB of data, including internal application details and cloud infrastructure information. While the attacker claimed to have exfiltrated all GitLab repositories, Europcar confirmed that some of their source code remained untouched. Screenshots shared by the attacker showed employee credentials embedded in the stolen code, validating the breach.
The stolen data reportedly includes only names and email addresses of up to 200,000 customers from the Goldcar and Ubeeqo brands, with no evidence of financial or password-related exposure. Europcar is currently assessing the full scope of the damage and notifying affected individuals, and has informed the data protection authority. Although the exact intrusion vector is unknown, the incident may be linked to compromised credentials from infostealer malware—an increasingly common breach method.