A website that allows people to buy and sell guns was infiltrated by hackers, who revealed the identity of its members. Massive amounts of private information, including customer full names, home addresses, email addresses, plaintext passwords, and phone numbers, were exposed in the incident, which affected more than 550,000 people.
Additionally, it is claimed that the stolen data makes it feasible to connect a single person to the sale or purchase of a certain weapon.
How dangerous is the leak?
“With this data, you can then take a public listing…and resolve it back to the [data in the stolen database] so you have the name, email and physical address and phone number of [the seller] and presumably, the location of the gun,” Troy Hunt, a cybersecurity expert who runs the popular data breach repository and alerting service Have I BeenPwned explained.
The data was found on a server at the end of last year by a security researcher who requested anonymity. It was then determined that the site was being used by a hacker (or group of hackers) who was storing the stolen data there. The server had no security measures in place to restrict or manage who may access it, therefore the researcher had to download and analyze the data.
What he discovered was information gleaned from the website GunAuction.com, which has been around since 1998 and allows users to list firearms for auction online.
A researcher contacted 100 people via email and 60 via phone while analyzing a sample of the stolen data. Ten of them attested to the accuracy of the information in the stolen database. Nevertheless, it’s unclear how recent the data is given that our message was returned or was unable to be delivered to 25 email addresses, and numerous phone numbers were also disconnected.
GunAuction.com CEO Manny DelaCruz confirmed the breach in an email.
“I can confirm that we were recently contacted by the FBI regarding the possibility of a data breach that has affected our company,” DelaCruz wrote in the statement. “The breach likely exposed personal customer information like names, addresses, and email addresses. However, we want to reassure our customers that we have no reason to believe that any financial information was accessed during the breach. We are advising our customers to remain vigilant and monitor their financial accounts and credit reports for any suspicious activity.”
Sensitive information on gun owners has previously been made public in another incident when California’s Department of Justice unintentionally disclosed personal information last year, “including gun owners’ names, birthdays, addresses, ages, the purchase date and type of firearm permit they possessed, and their Criminal Identification Index numbers, which are used to track state and federal criminal records.”
The recent spike in hacking news worry users as the dangers intensify. If you are interested, check out our articles below to see other recent hacking developments.
- Fake ChatGPT apps are being used by hackers to steal personal information
- North Korean hackers stole the crypto heist record
- Users’ personal data is in danger due to the GoTo hack
