Yahoo Autos Hackers steal gun owners' data from firearm auction website
Hackers breached a website that allows people to buy and sell guns, exposing the identities of its users, TechCrunch has learned.
The breach exposed reams of sensitive personal data for more than 550,000 users, including customers' full names, home addresses, email addresses, plaintext passwords and telephone numbers. Also, the stolen data allegedly makes it possible to link a particular person with the sale or purchase of a specific weapon.
“With this data, you can then take a public listing...and resolve it back to the [data in the stolen database] so you have the name, email and physical address and phone number of [the seller] and presumably, the location of the gun,” Troy Hunt, a cybersecurity expert who runs the popular data breach repository and alerting service Have I BeenPwned, told TechCrunch. (The researcher who found the breach shared the data with Hunt so he can upload it to Have I BeenPwned.)
At the end of last year, a security researcher — who asked to remain anonymous — discovered a server containing the data, which turned out to be used by a hacker (or group of hackers) who was using the server to store the stolen data. The server was not protected by any system to limit or control who could access it, so the researcher downloaded the data and analyzed it.
What he found was data taken from the website GunAuction.com, a site that since 1998 allows people to put guns for auction online.
A screenshot of GunAuction.com
