GunAuction.com Suffers Privacy Breech As Hackers Steal Customer Data

GunAuction.com, a website used by people to buy and sell firearms, has suffered a data breach resulting in hackers gaining access to sensitive personal data for over 550,000 users. The exposed data includes customers’ full names, home addresses, email addresses, plaintext passwords, and telephone numbers.

The stolen data allegedly makes it possible to link a particular person with the sale or purchase of a specific weapon.

Cybersecurity expert Troy Hunt said, “With this data, you can then take a public listing… and resolve it back to the [data in the stolen database] so you have the name, email and physical address and phone number of [the seller] and presumably, the location of the gun.”

The server containing the data was discovered by an anonymous security researcher at the end of last year. The server was not protected by any system to limit or control who could access it, so the researcher downloaded the data and analyzed it.

GunAuction.com CEO Manny DelaCruz confirmed the breach in an email, stating that the FBI had contacted them regarding the possibility of a data breach that had affected the company.

DelaCruz reassured customers that they have no reason to believe that any financial information was accessed during the breach but recommended that customers remain vigilant and monitor their financial accounts and credit reports for any suspicious activity.

This is not the first time that sensitive data about gun owners has been exposed. Last year, California’s Department of Justice mistakenly leaked personal data, including gun owners’ names, birthdays, addresses, ages, the purchase date and type of firearm permit they possessed, and their Criminal Identification Index numbers.