GunAuction site was hacked and data of 565k accounts were exposed
Hackers
compromised
the
website GunAuction.com,
a
website
that
allows
people
to
buy
and
sell
guns,
and
stole
users’
data.
Hackers
have
compromised
GunAuction.com,
a
website
that
allows
people
to
buy
and
sell
guns,
TechCrunch
reported.
The
attackers
have
stolen
sensitive
personal
data
from
more
than
550,000
users.
Compromised
customers’
data
include
full
names,
home
addresses,
email
addresses,
plaintext
passwords,
and
telephone
numbers.
TechCrunch
pointed
out
that
stolen
data
can
allow
the
unmasking
of
individuals
that
purchased
a
weapon.
Crooks
can
use
the
data
to
know
the
physical
address
of
the
buyers
and
can
reach
the
to
steal
the
weapon.
At
the
end
of
2022,
a
security
researcher
discovered
the
stolen
data
on
an
unsecured
server
belonging
to
a
group
of
hackers.
TechCrunch
was
able
to
verify
the
authenticity
of
the
data
for
a
sample
they
analyzed,
however
it
is
unclear
how
recent
the
data
is.
The
popular
data
breach
notification
service
HaveIBeenPwned
reported
that
the
hack
took
place
in
December
and
impacted
565k
user
accounts,
it
also
added
that
83%
of
the
records
were
already
in
HIBP
database.
“I
can
confirm
that
we
were
recently
contacted
by
the
FBI
regarding
the
possibility
of
a
data
breach
that
has
affected
our
company,”
GunAuction.com
CEO
Manny
DelaCruz
confirmed
the
breach
in
an
email.
“The
breach
likely
exposed
personal
customer
information
like
names,
addresses,
and
email
addresses.
However,
we
want
to
reassure
our
customers
that
we
have
no
reason
to
believe
that
any
financial
information
was
accessed
during
the
breach.
We
are
advising
our
customers
to
remain
vigilant
and
monitor
their
financial
accounts
and
credit
reports
for
any
suspicious
activity.”
Follow
me
on
Twitter:
@securityaffairs
and
Facebook
and
Mastodon
(SecurityAffairs –
hacking,
GunAuction)
Share
On
About Author
%20v1.1.jpg#keepProtocol "Request for Comments: Mobile Payments on COTS (MPoC) v1.1")