Update: Guns.com has informed Ammoland that its investigation—along with that of its insurance company—determined no user personal information was accessed by hackers. The story is here, and explains “…the hackers were able to get access to a single folder and obtain its test database. It seems like that is what the hackers are selling on the Dark Web marketplaces.” Plus, financial details, according to the report, is not stored on the company’s website, which makes it impossible for that information to have been compromised.
Late March reports from numerous Internet security-related news claim the hacking that took Guns.com offline earlier this year may’ve been more than a simple case of political monkeywrenching. The criminal or criminals, according to the stories, have posted a database with personal details of registered users of the victimized website—including addresses, phone numbers, passwords and even bank details—for sale on the dark web.
Security Boulevard’s warning is the most ominous. It states, “The abundant data contains both administrator and user information including user IDs, full names, an estimated 400,000 email addresses, password hashes, physical addresses, ZIPcodes, city, state, Magneto IDs, phone numbers, account creation date and other personal details.” According to it one folder, “…includes customers’ bank account details including full name, bank name, account type and Dwolla IDs.”
Gizmodo explains how the situation unfolded. “Back in January,” it reports, “a hacker temporarily disabled the company’s website, interfering with the site’s retail operations and forcing the weapons peddler to apologize to its confused customers for the whole debacle.” The story admits, however, there is no proof the current laundry list for sale was stolen during the early 2021 cybercrime. The writer explains even if the financial details aren’t available, it places users at risk of identify theft, phishing attacks and their home addresses becoming known to criminals.
According to Tech Times, the files currently being offered are on a Dark Web site named Raid Forums. The report also indicates that information on firearm providers was also stolen during the cybercrime.
Hacking and cybertheft are increasing in frequency, and Guns.com is allegedly just the latest victim in a long, and growing-by-the-day list. There’s no doubt other firms in the firearm industry have been, or will be, targeted. Last year’s Utah Gun Exchange incident from last year is an example. To put things in perspective, the volume of users whose information that may have been compromised in this incident pales by comparison to the Adobe hack of 2013, when the personal details of 153 million people was stolen, or Equifax in 2017 (147.9 million), Marriott International (500 million from 2014 to 2018) or Adult Friend Finder (2016, 500 million). There are many others, and odds are good at least a portion of your personal information has been stolen from government or corporate websites already. Remember the federal government’s Office of Personnel Management hack of 2015?
The incident is a good reminder to change passwords on any website frequently, make them long and complicated enough to border on cumbersome, never use the same one twice or on another URL, and religiously monitor activity on all your financial accounts. Take advantage of double authentication for log-ins, when made available and use a credit card, not debit card, for all online purchases. At least then you can contest charges you didn’t make.