User Database and Source Code of ‘Guns.com’ Leaked Online

  • A database that exposes customers of Guns.com has been leaked online on hacker forums.
  • The information that is being openly shared includes full names, home addresses, emails, and phone numbers.
  • The website is exposed on the technical level, too, as admin passwords in plain text form were previously stolen.

Hackers have broken into the US-based online weapon and firearms marketplace ‘Guns.com,’ stole its entire database, sold it privately to hackers, and now leaked it publicly to everyone. The actor giving everything away claims that the breach happened in December 2020, and those who first bought the data on private Telegram channels and dark web marketplaces were given some time to exploit it comfortably.

Now, thousands are accessing the database and source of the site, admin passwords, cloud log credentials in plain text form, and more. More specifically, the openly shared pack contains the following:

  • User IDs
  • Full names
  • Almost 400,000 email addresses
  • Password hashes
  • Physical addresses
  • Zipcodes
  • City
  • State
  • Magneto IDs
  • Phone numbers
  • Account creation date

There’s also an extra folder containing the following things:

  • Full name
  • Bank name
  • Account type
  • Dwolla IDs

Although the Guns.com platform supports credit card payments, no card numbers of CVVs were stored in the database, so these aren’t included in the shared packs. It is possible, though, that this specific part has been removed by the original seller and that the hackers who previously bought it have this information as well.

The platform has acknowledged the incident and placed the breach date on January 11, 2021, saying that the attack lasted for less than 10 minutes and they didn’t think that anything was compromised back then. They dismissed it as an attempt to cause service disruption – and this is why they didn’t think they should have informed anyone about it.

Buying guns in the United States is largely legal, as long as one possesses a license and registers the firearm with the local police department. However, this breach still holds special significance because many people would rather keep the gun ownership fact private.

Also, having email accounts, physical addresses, and phone numbers leaked creates the potential for phishing and scamming. SIM swapping is also a possibility as actors would have the accompanying information required to trick telco employees.

As for the platform itself, the pack also contains administrator login details, MySQL and Azure cloud credentials, admin emails and passwords, login links, and server addresses, all in plain text form. All of that is obviously enough for capable actors to continue moving around, collecting more data. We don’t know if that actually happened or not, but it is a dire possibility.

REVIEW OVERVIEW

Latest

How to Watch Formula 1 Without Cable in 2021: Live Stream F1 Grand Prix Anywhere!

The 2021 Formula 1 World Championship is nearly underway, and we're excited to see the big names on the circuit once more,...

How to watch NFL Draft 2021 Without Cable: Date, Time, Schedule, Pick Order, Location, Mock Drafts

The 2021 NFL Draft is almost upon us, and soon the top prospects in the world of football will know where they...

How to Watch NHL 2021 Without Cable – Live Stream Hockey Online from Anywhere

The 2021 NHL season is here, and it ongoing after getting a dodgy start. The 104th season of the National Hockey League...