Watch out, firearm lovers. The subtly-named guns.com, a place where Americans can go to pick out whatever stylish boomstick they like and have it shipped straight to their neck of the woods, seems to have a pretty awful data breach on its hands.
Back in January, a hacker temporarily disabled the company’s website, interfering with the site’s retail operations and forcing the weapons peddler to apologize to its confused customers for the whole debacle.
Guns.com has claimed that this attack was meant to prevent the “business from operating”—and that there is “no indication” of any attempt to steal data. However, this assessment may be wrong.
This week a large cache of files allegedly taken from the site appeared on the popular dark web site Raid Forums. In fact, an anonymous user offered Guns.com’s entire kit and caboodle—allegedly everything from troves of consumer and administrative data to the site’s stolen source code—free to all comers.
The data dump shows substantial gun buyer information, including user IDs, full names, email addresses, phone numbers, hashed passwords, and, most alarmingly, physical addresses—including city, state, and zip code information. The site data has been viewed by Gizmodo and it was originally reported on by Hackread.
The dump also seems to show access to information about many of the firearms providers that sell through the platform (the site acts as a location for sellers as much as for buyers), and Hackread reports that an Excel file within the data tranche shows “sensitive login details of Guns.com including its administrator’s WordPress, MYSQL, and Cloud (Azure) credentials,” though it’s unclear if this is recent information. We also found back-end code for a Laravel-powered version of the site, although it isn’t clear what platform the retailer is currently using.
Source: Guns.Com Got Hacked