[BreachExchange] Hacker dumps Guns.com database with customers, admin data

Destry Winant destry at riskbasedsecurity.com
Wed Mar 17 10:32:05 EDT 2021


https://www.hackread.com/hacker-dumps-guns-com-database-customers-admin-data/

As seen by Hackread.com, among other sensitive data, the database
includes Guns.com administrator, WordPress, and Cloud login
credentials in plain-text format.

As the domain name indicates, Guns.com is a major Minnesota, US-based
platform to buy and sell guns online. It is also home to news and
updates for gun owners and enthusiasts around the world. However, on
March 9th, 2021, a database apparently belonging to Guns.com was
dumped on an infamous hacker forum.

The actor behind the data dump claimed that it includes a complete
database of Guns.com along with its source code. They further added
that the breach took place somewhere around the end of 2020 and the
data was sold privately, meaning on Telegram channels or dark web
marketplaces.

What data has been leaked?

According to Hackread.com’s analysis, the data contains highly
sensitive information of Guns.com’s administrators and customers
including:

• User IDs
• Full names
• Almost 400,000 email addresses
• Password hashes
• Physical addresses
• ZIP codes
• City
• State
• Magento IDs
• Phone numbers
• Account creation date

One of the folders in the leaked database includes customers’ bank
account details including:

• Full name
• Bank name
• Account type
• Dwolla IDs

However, credit card numbers or VCC numbers were not leaked.

Guns.com admin login credentials also leaked

Additionally, an Excel file in the database, as seen by Hackread.com,
seems to contain sensitive login details of Guns.com including its
administrator’s WordPress, MySQL, and Cloud (Azure) credentials.
However, it is unclear whether these credentials are recent, old, or
already changed by the site’s administrators amid the breach.

This can have a devastating effect on the company since all admin
credentials including admin emails, passwords, login links, and server
addresses are in plain text format.

Guns.com acknowledged the breach on a limited level

On January 13th, 2021, Guns.com published a letter on its website in
which the company acknowledged the breach. However, the breach was
blamed on third parties with whom Guns.com works.

The company further claimed that “There was no indication of any
attempt to compromise data” yet the alleged Guns.com database is
currently circulating on infamous English- and Russian-speaking hacker
forums.

“On Monday, January 11th, Guns.com was the victim of a malicious
cyber-attack designed solely to prevent our business from operating.
This attack was highly sophisticated, was targeted at third parties
with which we work, and was designed to take down our website. The
actual attack lasted less than 10 minutes, but the damage was
temporarily done to our website’s ability to be displayed properly.
There was no indication of any attempt to compromise data – this was
purely designed to cause business disruption to Guns.com”, the
company maintains in its letter to customers and partners.

What’s next for Guns.com customers?

In the current political environment in the United States, this data
leak can have devastating effects on Guns.com and its customers since
their physical addresses, history of purchased weapons, contact and
banking details have been leaked to the entire world.

If you are one of Guns.com’s customers, Hackread.com advises you to be
on the lookout, especially when it comes to phishing, SMShing, SIM
swapping, and identity scams. It is also advised to get in touch with
the company and question the impact of the data breach.
