According to TechCrunch, hackers gained access to a website where people can purchase and sell guns, revealing the identity of its members.
Massive amounts of private information, including customer complete names, home addresses, email addresses, plaintext passwords, and phone numbers, were exposed in the incident, which affected more than 550,000 people. Additionally, it is claimed that the stolen data makes it feasible to connect a single person to the sale or purchase of a certain weapon.
“With this information, you can take a public listing…
Troy Hunt, a cybersecurity expert who runs the well-known data breach repository and alerting service Have I BeenPwned, told TechCrunch that you can trace the data back to the [data in the stolen database] so you have the name, email, physical address, and phone number of [the seller] and likely the location of the gun. (The researcher who discovered the vulnerability gave Hunt access to the information so that he could submit it to Have I Been Pwned.)
The data was found on a server at the end of last year by a security researcher who requested anonymity. It was then determined that the site was being used by a hacker (or group of hackers) who was storing the stolen data there. The server had no security measures in place to restrict or manage who may access it, therefore the researcher had to download and analyse the data.
What he discovered was information gleaned from the website GunAuction.com, which has been around since 1998 and allows users to list firearms for auction online.
TechCrunch contacted 100 people via email and 60 via phone while analysing a sample of the stolen data. Ten of them attested to the accuracy of the information in the stolen database. Nevertheless, it’s unclear how recent the data is given that our message was returned or was unable to be delivered to 25 email addresses, and numerous phone numbers were also disconnected.
In an email, Manny DelaCruz, CEO of GunAuction.com, acknowledged the intrusion.
In the statement, DelaCruz said, “I can confirm that we were recently approached by the FBI regarding the potential for a data breach that has harmed our company. “Personal customer information like names, addresses, and email addresses were probably compromised in the breach. We do, however, want to reassure our clients that there is no basis for us to think that any financial data was accessed during the attack. We’re encouraging our clients to keep an eye out for any odd behaviour in their financial accounts and credit reports.
“Our objective is to tell affected users very soon,” DelaCruz continued.
Sensitive information on gun owners has previously been made public. According to Gizmodo, the California Department of Justice accidentally released personal information about gun owners last year, including their names, birthdays, addresses, ages, the date of purchase and the type of firearm permit they held, as well as their Criminal Identification Index numbers, which are used to track state and federal criminal records.