Hackers have breached the website GunAuction.com, a platform that has allowed users to buy and sell guns online since 1998. Over 550,000 users’ personal data was exposed, including their full names, home addresses, email addresses, plaintext passwords, and telephone numbers.
According to cybersecurity expert Troy Hunt, the data stolen makes it possible to link a particular person with the sale or purchase of a specific weapon.
The server containing the data was not protected by any system to limit or control who could access it, allowing the researcher who discovered it to download and analyze the data. A sample of the data was analyzed, and it was confirmed that the data contained in the stolen database was accurate.
GunAuction.com CEO Manny DelaCruz confirmed the breach and stated that the FBI contacted the company regarding the data breach. The breach exposed personal customer information such as names, addresses, and email addresses.
However, there is no reason to believe that any financial information was accessed. DelaCruz reassured customers to remain vigilant and monitor their financial accounts and credit reports for any suspicious activity. The intention is to inform affected users very soon.
This is not the first time that sensitive data about gun owners has been exposed. California’s Department of Justice mistakenly leaked personal data, including gun owners’ names, birthdays, addresses, ages, the purchase date and type of firearm permit they possessed, and their Criminal Identification Index numbers.
The exposure of such data is concerning given that it can be linked to the sale or purchase of a specific weapon. It is vital for companies to implement security measures to limit or control who can access personal data to prevent such data breaches.