Hackers have compromised GunAuction.com, a website that allows people to buy and sell guns, TechCrunch reported. The attackers have stolen sensitive personal data from more than 550,000 users. Compromised customers’ data include full names, home addresses, email addresses, plaintext passwords, and telephone numbers.
TechCrunch pointed out that stolen data can allow the unmasking of individuals that purchased a weapon. Crooks can use the data to know the physical address of the buyers and can reach the to steal the weapon.
At the end of 2022, a security researcher discovered the stolen data on an unsecured server belonging to a group of hackers.
TechCrunch was able to verify the authenticity of the data for a sample they analyzed, however it is unclear how recent the data is.
The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database.
“I can confirm that we were recently contacted by the FBI regarding the possibility of a data breach that has affected our company,” GunAuction.com CEO Manny DelaCruz confirmed the breach in an email. “The breach likely exposed personal customer information like names, addresses, and email addresses. However, we want to reassure our customers that we have no reason to believe that any financial information was accessed during the breach. We are advising our customers to remain vigilant and monitor their financial accounts and credit reports for any suspicious activity.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, GunAuction)