Cyber Incident Victim: Guns.com
Date: Dec 2020
Location: United States of America
Summary
A hacker leaked a database from a major online firearms marketplace, exposing sensitive customer and administrative data. The breach, occurring in late 2020, compromised nearly 400,000 email addresses, physical addresses, phone numbers, password hashes, and bank account details—though not credit card information. Administrative credentials for WordPress, MySQL, and Azure services were also exposed in plain text. The company attributed the incident to third-party vulnerabilities and initially stated no evidence suggested data compromise, though the stolen information later circulated on dark web forums. The leak poses significant risks given the exposure of customers' weapon purchase histories and personal identifiers in a politically charged environment.
Description
On March 9, 2021, a database allegedly belonging to Guns.com, a Minnesota-based online firearms marketplace, was publicly dumped on prominent English and Russian-language hacker forums. The threat actor responsible claimed the breach occurred around December 31, 2020, and that the data had previously been sold through private channels such as Telegram or dark web marketplaces. The leaked database contained extensive customer records, including user IDs, full names, nearly 400,000 email addresses, password hashes, physical addresses, zip codes, cities, states, Magento IDs, phone numbers, and account creation dates. A separate folder exposed bank account details—including customer names, bank names, account types, and Dwolla IDs—though no credit card information was included. Notably, the dump also contained administrative credentials in plain text, including WordPress, MySQL, and Microsoft Azure login details, server addresses, and admin emails, posing severe infrastructure compromise risks. The actor further asserted the leak included the platform’s complete source code.

Guns.com acknowledged the incident in a public letter dated January 13, 2021, attributing the breach to third-party partners while asserting no evidence indicated attempted data compromise. Despite this disclosure, the full database circulated widely on hacker forums by March 2021. The exposure of customer physical addresses, weapon purchase histories, and banking details raised significant safety and fraud concerns, particularly given the politically charged U.S. environment surrounding firearms. Security analysts highlighted elevated risks of phishing, SMShing, SIM swapping, and identity theft targeting affected customers. The plain-text administrative credentials heightened potential for follow-on attacks against Guns.com’s infrastructure, though no subsequent exploitation was confirmed in the available reporting. The company did not detail specific containment measures beyond its initial statement.
