Brinztech Alert: The Alleged Database of Hertz is Leaked

Dark Web News Analysis

The dark web news reports a potential data breach involving Hertz, the global car rental company. A threat actor on a hacker forum claims to possess a database containing 3.6 million lines of data.

Analysis of the sample indicates the dataset contains approximately 1.05 million unique email addresses. While the full scope of the compromised fields (e.g., driver’s license numbers, physical addresses) is still being verified, the sheer volume of contact information suggests a significant compromise of either the customer loyalty database or a marketing list.

Key Cybersecurity Insights

Breaches of travel and hospitality giants differ from standard retail leaks because they expose movement patterns and high-value loyalty assets:

• Travel-Themed Phishing: The primary risk is Contextual Phishing. Attackers can use the leaked emails to send fake booking modifications: “Hertz Alert: Your reservation for [Date] requires a payment update. Click here to confirm vehicle availability.” Because travelers are often anxious about their bookings, the click-through rate on these scams is high.
• Loyalty Program Theft: Hertz Gold Plus Rewards points are a currency on the dark web. Attackers use “Combolists” (email/password pairs) to crack accounts, steal points, and rent high-end vehicles fraudulently or sell the points for pennies on the dollar.
• Corporate Espionage: A significant portion of Hertz’s clientele travels for business. If the leak allows analysts to map the travel patterns of executives (e.g., a CEO renting a car in a specific city repeatedly), it could signal upcoming mergers or confidential business deals to competitors.
• Credential Stuffing: With 1.05 million unique emails exposed, this database will likely be fed into credential stuffing bots immediately to see if users reused their Hertz passwords on banking or corporate email accounts.

Mitigation Strategies

To protect your travel profile and identity, the following strategies are recommended:

• Password Reset: If you have a Hertz account, change your password immediately. Ensure it is unique and not used for any other travel loyalty program.
• Monitor Loyalty Points: Log in to your Hertz Gold Plus Rewards account to verify your point balance. If you see unauthorized redemptions (e.g., a rental in a country you are not visiting), report it immediately.
• Corporate Travel Alert: Corporate Travel Managers should warn employees to look out for fake Hertz emails. Use an official travel portal to verify bookings rather than clicking links in emails.
• MFA Adoption: Enable Multi-Factor Authentication (MFA) on your email account to prevent it from being compromised via credential stuffing.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com