Exploit: Hacking
Guns.com: Online Gun Marketplace
Risk to Small Business: 1.227 = Extreme
An enormous database from Guns.com made an appearance in a hacker forum this week and it’s a major trove of information. The abundant data contains both administrator and user information including user IDs, full names, an estimated 400,000 email addresses, password hashes, physical addresses, ZIPcodes, city, state, Magneto IDs, phone numbers, account creation date and other personal details. One of the folders in the leaked database includes customers’ bank account details including full name, bank name, account type and Dwolla IDs. To top it off, an Excel file in the database was exposed containing sensitive login details of Guns.com including its administrator’s WordPress, MYSQL, and Cloud (Azure) credentials, with all admin credentials including admin emails, passwords, login links, and server addresses in plain text format.
Individual Risk: 1.112 = Extreme
Users of Guns.com are significantly impacted, as extensive banking and personal information has been exposed. They should be wary of identity theft, spear phishing, and business email compromise/fraud risks as well as change any passwords shared with this account
Customers Impacted: 400,000
How it Could Affect Your Customers’ Business: Sensitive Personally Identifiable Information (PII) requires strong protection, especially when financial information for clients is at stake.
Source:
https://www.hackread.com/hacker-dumps-guns-com-database-customers-admin-data