A popular U.S.-based gun exchange website was the victim of a security breach. On 9 March, what looks like a complete database from Guns.com, a major platform that customers use to buy and sell guns online and to read gun-related news and updates, was posted on a hacker forum.
The news of the leak comes after another hacking attempt in January this year that succeeded in temporarily disabling the website and prompted an apology letter from the weapons peddler.
“On Monday, January 11th, guns.com was the victim of a malicious cyber-attack designed solely to prevent our business from operating,” the letter says. “This attack was highly sophisticated, was targeted at third parties with which we work, and was designed to take down our website. The actual attack lasted less than 10 minutes, but damage was temporarily done to our website’s ability to be displayed properly. There was no indication of any attempt to compromise data – this was purely designed to cause business disruption to guns.com.”
What data has been leaked?
• User IDs
• Full names
• Almost 400,000 email addresses
• Password hashes
• Physical addresses
• Magento IDs
• Phone numbers
• Account creation date
But the January attack pales in comparison to the damage done by the March data leak. An analysis by hackread.com, a cybersecurity, cybercrime, and hacking news website, shows that in this case the leaked data included sensitive information such as, but not limited to, full names, usernames, password hashes, physical addresses, and phone numbers, as well as an impressive number of no less than 400,000 email addresses. Even worse, one of the folders contained the bank account details of the customers, from full name and bank name to the type of bank account. So far it looks like the actual card numbers were not included, nor were the virtual credit cards (VCC), otherwise known as the credit card numbers normally used for online purchases.
To make matters even worse, the admin login credentials were also included in the leak, along with other login information containing administrator credentials for services such as WordPress, MySQL, and Cloud (Azure), all in plain text. At the moment it is still uncertain whether this information is recent and still valid or whether it has already been changed following the breach.
One of the folders in the leaked database includes customers’ bank account details including:
• Full name
• Bank name
• Account type
• Dwolla IDs
Credit card and VCC numbers were not leaked.
The hacker’s claims put the breach somewhere towards the end of 2020, while the information and source code have been sold privately, most likely on the dark web. Either way, the compromised data is still making the rounds on several notorious English- and Russian-speaking hacker forums, and Guns.com customers are strongly advised to take the necessary measures to protect themselves from the impact of the breach.