Hacker dumps Guns.com database with customers, admin data - As seen by Hackread.com, among other sensitive data, the database includes Guns.com administrator, WordPress, and Cloud log in credentials in plain-text format.

  • Emails (registration / password reset) appear to be working; be sure to check spam.

themasterlurker

Custom title If specified, this will replace
kiwifarms.net

As the domain name indicates, Guns.com is a major Minnesota, US-based platform to buy and sell guns online. It is also home to news and updates for gun owners and enthusiasts around the world. However, on March 9th, 2021, a database apparently belonging to Guns.com was dumped on an infamous hacker forum.


The actor behind the data dump claimed that it includes a complete database of Guns.com along with its source code. They further added that the breach took place somewhere around the end of 2020 and the data was sold privately meaning on Telegram channels or dark web marketplaces.


What data has been leaked?​


According to Hackread.com’s analysis, the data contains highly sensitive information of Guns.com’s administrators and customers including:


• User IDs

• Full names

• Almost 400,000 email addresses

• Password hashes

• Physical addresses

• Zipcodes

• City

• State

• Magneto IDs

• Phone numbers

• Account creation date




One of the folders in the leaked database includes customers’ bank account details including:


• Full name
• Bank name
• Account type
• Dwolla IDs
However, credit card numbers or VCC numbers were not leaked.

Guns.com admin login credentials also leaked​

Additionally, an Excel file in the database as seen by Hackread.com seems to contain sensitive login details of Guns.com including its administrator’s WordPress, MYSQL, and Cloud (Azure) credentials. However, it is unclear whether these credentials are recent, old, or already changed by the site’s administrators amid the breach.
This can have a devastating effect on the company since all admin credentials including admin emails, passwords, login links, and server addresses are in plain text format.

Guns.com acknowledged the breach on a limited level​


1616464737674.png


On January 13th, 2021, Guns.com published a letter on its website in which the company acknowledged the breach. However, the breach was blamed on third parties with whom Guns.com work.





The company further claimed that “There was no indication of any attempt to compromise data” yet the alleged Gun.com database is currently circulating on infamous English and Russian speaking hacker forums.

“On Monday, January 11th, Guns.com was the victim of a malicious cyber-attack designed solely to prevent our business from operating. This attack was highly sophisticated, was targeted at third parties with which we work, and was designed to take down our website. The actual attack lasted less than 10 minutes, but the damage was temporarily done to our website’s ability to be displayed properly. There was no indication of any attempt to compromise data – this was purely designed to cause business disruption to Guns.com”, the company maintains in its letter to customers and partners.

What’s next for Guns.com customers?​


In the current political environment in the United States, this data leak can have devastating effects on Guns.com and its customers since their physical addresses, history of purchased weapons, contact and banking details have been leaked to the entire world.


If you are one of Guns.com customers Hackread.com advises you to be on the lookout especially when it comes to phishing, SMShing, SIM Swapping, and identity scams. It is also advised to get in touch with the company and question the impact of the data breach.
 

Spasticus Autisticus

kiwifarms.net
Wordpress is not secure?
Good to know.
Wordpress is the Windows of content management systems. It's extremely popular, which makes it a juicy target. It's also relatively easy to set up, which means there's a lot of installs out there that were set up by idiots who didn't know what they were doing. And just like Windows, it can be secure if you aren't stupid. Keep it up to date (as well as your version of PHP, and whatever web server you're using) and be careful about what themes and plugins you use. If you look up the list of Wordpress CVEs, the vast majority of them are for plugins and themes.
 

pwnest injun

An Honest Man is Always in Trouble
True & Honest Fan
kiwifarms.net
Can't say I've ever heard of this site but from the generic name alone it sounds like a dodgy rip-off of Gunbroker
Last I checked, it was more like a craigslist thing, arranging person to person sales that way rather than gunbroker's ebay style bidding system. That was probably a decade ago though, so it could have changed.
 
Top