According to Tel Aviv-based darknet intelligence specialist KELA, the personal information of approximately 400,000 UK-based BMW customers has been sold to the highest bidder on an online black market.

Hackers from a group called the KelvinSecurity Team have accessed BMW's customer database and put the information on an underground forum used by cybercriminals.

SC Magazine reports that the database being sold to cybercriminals contains a lot of sensitive data, including car owners' initials and last names, home addresses and e-mail addresses, dealer names and car registration information.

The report claims that the hackers obtained the database through call centers working with various car manufacturers.

The database is believed to consist of 500,000 customer records from 2016 to 2018. These include details of not only British owners of BMW vehicles, but also owners of Mercedes, Honda, Hyundai, and SEAT vehicles.

In an interview with SC Magazine, a Kela researcher explained that the hacker collective sells the leaked data primarily in underground forums. Last month, hackers sold 16 databases containing information on weapons created by contractors working for the U.S. government and by the Russian military.

But the group is not just trying to make money off the stolen data. The hackers also targeted countries such as the US, Australia, France, Sweden, Indonesia, Iran, and Mexico, making 28 databases freely available on the Internet (according to SC Magazine).

A week ago, BleepingComputer reported that the group was selling data leaked from market research firm Frost & Sullivan. This information was stored in an insecure backup folder and, as a result, was accessible online by anyone.

ESET security specialist Jake Moore warned that hackers could use such information to launch "a fairly convincing phishing campaign posing as BMW or a partner organization."

"In the future, car owners are advised to exercise extreme caution when opening emails from companies like BMW and Mercedes," Moore told Tom's Guide.

"Phishing emails requesting more data than that could be used in combination with data stolen in an information breach, which could be used in future attacks or for identity theft.

"It is essential that all currently affected customers be especially vigilant if they receive unsolicited emails from manufacturers requesting personal, financial, or other additional information.