Posted on March 3, 2023 at 5:56 AM
Hackers access the personal information of over 550,000 users of a firearm auction website
Hackers infiltrated a website that enables people to purchase and sell firearms. According to researchers, this breach exposed the users’ identities on this platform. The breach has affected over 550,000 users that rely on this platform.
Hackers breached a firearm auction website
Hacking attacks have become increasingly popular, with hackers targeting all sectors. In one of the latest exploits, threat actors gained unauthorized access to a website facilitating the sale of firearms.
This breach has affected more than 550,000 users on the platform. The attackers have targeted the personal information of these users, including their full names, home addresses, email addresses, telephone numbers, and passwords. Moreover, the stolen data has made it possible to link a user on this platform with the purchase and sale of a particular weapon.
Troy Hunt, a cybersecurity researcher behind “Have I BeenPwned,” said that the hackers behind the breach gained access to comprehensive user details. The researcher behind this breach shared the data about it with Hunt so that the expert could upload it with Have I BeenPwned to alert users of the breach.
“With this data, you can then take a public listing… and resolve it back to the [data in the stolen database], so you have the name, email and physical address, and phone number of [the seller] and presumably, the location of the gun,” Hunt said.
Towards the end of last year, one security researcher who preferred to maintain their anonymity said they had come across a server with data stolen from the firearm auction website. This server was used by a hacker of a group of hackers to store the stolen data. A single system did not protect the server responsible for the breach.
Moreover, there was no limit or control on who could access the stolen data. Therefore, this researcher downloaded the data for analysis. He found that the data was stolen from a website known as GunAuction.com. This website has been in existence since 1998, and it allows people to put guns up for auction online.
According to TechCrunch, the personal user information that these hackers stole was accurate. The report noted that a sample of the stolen data had been analyzed where 100 people in the list were contacted via email while 60 people were contacted using a phone call.
Of all the people that TechCrunch contacted, ten confirmed that the data within this database was factual and belonged to actual users. However, it is yet to be determined how recent the stolen data is, as it is likely that some of the contact information contained within is no longer in use.
25 email addresses that received messages from researchers had the message bounce back or not be delivered. Additionally, some of the phone numbers were out of reach. Nevertheless, the firearm auction website has confirmed that a breach happened on its site.
Firearm auction website confirms a breach
The CEO of GunAuction.com, Manny DelaCruz, confirmed this breach saying that the platform had talks with the FBI to discuss the cybersecurity threat that had affected its operations. The executive admitted that the hackers gained access to user information, but it denied that the hackers accessed financial data.
“The breach likely exposed personal customer information like names, addresses, and email addresses. However, we want to reassure our customers that we have no reason to believe that any financial information was accessed during the breach. We are advising our customers to remain vigilant and monitor their financial records and credit reports for any suspicious activity,” DelaCruz said.
The executive further said that the company was currently working on alerting the users affected by the breach to ensure they remain vigilant. In most cases, hackers use stolen user information to conduct phishing campaigns.
It is not the first time hackers have targeted gun owners and expose their sensitive information. However, in a breach in 2022, the leakage of gun owners’ data was not linked to threat actors. Instead, the leakage came from the California Department of Justice, which mistakenly released the information.
The leaked personal data included the gun owners’ names, addresses, dates of birth, and ages. It also included their firearm ownership histories, such as the purchase data, the type of firearm permit they have, and the Criminal Identification Index numbers used to track criminal records at the state and federal levels.