Security

User Database and Source Code of ‘Guns.com’ Leaked Online

Written by Bill Toulas
Last updated September 17, 2021

Hackers have broken into the US-based online weapon and firearms marketplace ‘Guns.com,’ stole its entire database, sold it privately to hackers, and now leaked it publicly to everyone. The actor giving everything away claims that the breach happened in December 2020, and those who first bought the data on private Telegram channels and dark web marketplaces were given some time to exploit it comfortably.

Now, thousands are accessing the database and source of the site, admin passwords, cloud log credentials in plain text form, and more. More specifically, the openly shared pack contains the following:

There’s also an extra folder containing the following things:

Although the Guns.com platform supports credit card payments, no card numbers of CVVs were stored in the database, so these aren’t included in the shared packs. It is possible, though, that this specific part has been removed by the original seller and that the hackers who previously bought it have this information as well.

The platform has acknowledged the incident and placed the breach date on January 11, 2021, saying that the attack lasted for less than 10 minutes and they didn’t think that anything was compromised back then. They dismissed it as an attempt to cause service disruption - and this is why they didn't think they should have informed anyone about it.

Buying guns in the United States is largely legal, as long as one possesses a license and registers the firearm with the local police department. However, this breach still holds special significance because many people would rather keep the gun ownership fact private.

Also, having email accounts, physical addresses, and phone numbers leaked creates the potential for phishing and scamming. SIM swapping is also a possibility as actors would have the accompanying information required to trick telco employees.

As for the platform itself, the pack also contains administrator login details, MySQL and Azure cloud credentials, admin emails and passwords, login links, and server addresses, all in plain text form. All of that is obviously enough for capable actors to continue moving around, collecting more data. We don’t know if that actually happened or not, but it is a dire possibility.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: