Guns.com Did Not Lose Customer Information in January Cyber Attack
Article first appeared on Ammoland.com
The article makes it seem like hackers obtained personally identifiable information (PII). The truth is that hackers did not get any sensitive information about Guns.com’s customers.
It is unclear who the sources Gizmodo used in its reporting are, or whether the author pushed the narrative for political reasons.
In January, hackers attacked the site and took it offline. The attackers used vulnerabilities in a third-party vendor to take down the site. Guns.com did not disclose the exact exploit the hackers used to take control of the site and shut down the business for a few days until the company finally restored the website.
At the time, Guns.com CEO Greg Minkler reported that the hackers did not steal any personally identifiable information. AmmoLand News reached out to Minkler for comment on the allegations made by Gizmodo. Minkler assured AmmoLand News that the hackers did not obtain PII. He said the hackers were able to get access to a single folder and obtain a test database. It seems like that is what the hackers are selling on the Dark Web marketplaces.
Guns.com does not store customers’ credit card information or other banking information on the site’s servers. A third party handles the processing of customer payments. This fact makes it impossible for the site to leak customers’ financial information on Dark Web marketplaces.
Guns.com and its insurance company contracted third-party investigators to conduct a full investigation. Although the authorities did not catch the hackers, the company verified what the hackers took and what damage the attackers did to the website. The third-party investigators completed the investigation, and Minkler told AmmoLand News that the company and the insurance company were satisfied with the end result.
The majority of attacks on websites are for financial gain. Only a tiny percentage of cyber-attacks are for political reasons. Hackers steal customer information from sites, then sell the information to other cybercriminals on multiple Dark Web marketplaces. These criminals use the stolen personal information to steal their victims’ identities to obtain credit cards and loans. Hackers can buy credit card numbers for around $1.50 to $2.50 per card number. Usually, sellers will offer a batch of information called dumps, and buyers pay in Bitcoin or other cryptocurrencies.
Cybercriminals sell other PII such as Social Security numbers for $8 and PayPal information for between 5 and $1,767. In the case of Guns.com, Minkler reports that the cybercriminals did not get any of this sensitive information.
This case shows why it is vital to use tools like a password manager. A password manager lets you set a different complex password for each site.
If one password for a site is compromised, then the damage is localized to that one site. It is also important for people to use two-factor authentication whenever possible. Microsoft and Google both offer authenticators. Several other companies also make authenticators.
The Guns.com technical team fixed the security flaw that allowed the hackers to obtain access to the site. The site has remained up since January, and the company reported no further attacks.
About John Crump
John is an NRA instructor and a constitutional activist. John has written about firearms and on the Constitution, and has interviewed people from all walks of life. John lives in Northern Virginia with his wife and sons and can be followed on Twitter at @crumpyss, or at www.crumpy.com.