- A database that exposes customers of Guns.com has been leaked online on hacker forums.
- The information that is being openly shared includes full names, home addresses, emails, and phone numbers.
- The website is exposed on the technical level, too, as admin passwords in plain text form were previously stolen.
Hackers have broken into the US-based online weapon and firearms marketplace ‘Guns.com,’ stolen its entire database, sold it privately to other hackers, and now leaked it publicly to everyone. The actor giving everything away claims that the breach happened in December 2020, and those who first bought the data on private Telegram channels and dark web marketplaces were given some time to exploit it comfortably.
Now, thousands are accessing the database and source of the site, admin passwords, cloud log credentials in plain text form, and more. More specifically, the openly shared pack contains the following:
- User IDs
- Full names
- Almost 400,000 email addresses
- Password hashes
- Physical addresses
- Magento IDs
- Phone numbers
- Account creation date
There’s also an extra folder containing the following things:
- Full name
- Bank name
- Account type
- Dwolla IDs
Although the Guns.com platform supports credit card payments, no card numbers or CVVs were stored in the database, so these aren’t included in the shared packs. It is possible, though, that this specific part has been removed by the original seller and that the hackers who previously bought it have this information as well.
The platform has acknowledged the incident and placed the breach date on January 11, 2021, saying that the attack lasted for less than 10 minutes and they didn’t think that anything was compromised back then. They dismissed it as an attempt to cause service disruption, which is why they didn't think they needed to inform anyone about it.
Buying guns in the United States is largely legal, as long as one possesses a license and registers the firearm with the local police department. However, this breach still holds special significance because many people would rather keep the fact of their gun ownership private.
Also, having email accounts, physical addresses, and phone numbers leaked creates the potential for phishing and scamming. SIM swapping is also a possibility as actors would have the accompanying information required to trick telco employees.
As for the platform itself, the pack also contains administrator login details, MySQL and Azure cloud credentials, admin emails and passwords, login links, and server addresses, all in plain text form. All of that is obviously enough for capable actors to continue moving around, collecting more data. We don’t know if that actually happened or not, but it is a dire possibility.