Guns.com data breach, March 2021 update

The article says that the hacker that posted the info online has complete source code, data, and some other files from late 2020. This is data on customers as well as internal admin accounts. Apparently, guns.com notified some users in early January about the breach but said no data was compromised. This data dump contradicts that notice.

While it appears no credit card data was stolen, there is bank information and certainly substantial enough information to do identity scams/theft and phishing. But the greatest issue in my opinion is the physical addresses of customers. Long have anti-gun proponents wanted “lists” of who has guns and this would comprise a pretty big list of names/addresses.

Information that was leaked, according to the article:

• User IDs
• Full names
• Almost 400,000 email addresses
• Password hashes
• Physical addresses
• Zipcodes
• City
• State
• Magneto IDs
• Phone numbers
• Account creation date

Additionally, there was some bank info in some folders:

• Full name
• Bank name
• Account type
• Dwolla IDs

Where can I check the data dump to see if my info is included. I’m not sure if I registered there.

Edit: Just checked. I’m not registered there.

Hopefully you know if you are registered at a site

In general, the best site to track if your email has been compromised is https://haveibeenpwned.com It is run by well-known security researcher Troy Hunt. You can put your email in once, or have it notify you automatically the next time your email shows up in a breach. I consider the process safe and secure, but you can check the About and FAQ links for more details to be sure that you are OK with any privacy concerns. AFAIK, he tracks all public breaches, so I am pretty sure this one will end up in there once he has vetted the data (It’s not in there yet).