As seen by Hackread.com, among other sensitive data, the database includes Guns.com administrator, WordPress, and Cloud log in credentials in plain-text format.
As the domain name indicates, Guns.com is a major Minnesota, US-based platform to buy and sell guns online. It is also home to news and updates for gun owners and enthusiasts around the world. However, on March 9th, 2021, a database apparently belonging to Guns.com was dumped on an infamous hacker forum.
The actor behind the data dump claimed that it includes a complete database of Guns.com along with its source code. They further added that the breach took place somewhere around the end of 2020 and the data was sold privately meaning on Telegram channels or dark web marketplaces.
According to Hackread.com’s analysis, the data contains highly sensitive information of Guns.com’s administrators and customers including:
One of the folders in the leaked database includes customers’ bank account details including:
AlterEdward on March 24th, 2021 at 07:20 UTC »
Software developer and admin here. There are millions of companies whose systems are about as secure as this. I've seen employees Google their own name and find Excel spreadsheets with call logs on. The temptation to take shortcuts like storing your passwords in an Excel, is too great.
Immediate-Pool993 on March 24th, 2021 at 03:51 UTC »
Lol again? They need a new IT guy. At this point a kid with a fucking windows phone could breach their shit
rainbowarriorhere on March 23rd, 2021 at 23:25 UTC »
What has been leaked
According to Hackread.com’s analysis, the data contains highly sensitive information of Guns.com’s administrators and customers including:
• User IDs• Full names• Almost 400,000 email addresses• Password hashes• Physical addresses• Zipcodes• City• State• Magneto IDs• Phone numbers• Account creation date
One of the folders in the leaked database includes customers’ bank account details including:
• Full name• Bank name• Account type• Dwolla IDs