GunAuction.com

GunAuction.com operates as an online marketplace dedicated to the auction of firearms and related accessories. The platform enables registered users to list items for sale, place bids, and complete purchases through its website. Participation requires users to create an account and provide personal information such as name, address, email and telephone number. By focusing exclusively on firearm transactions, the service caters to buyers and sellers within the United States who seek a specialized venue for legal gun sales.

In March 2023, the company disclosed a data breach that exposed the personal information of over 550,000 users. The compromised data included full names, home addresses, email addresses, plaintext passwords and telephone numbers. The storage of passwords in plaintext meant that attackers could potentially reuse those credentials to gain unauthorized access to user accounts.

The breach stemmed from an unsecured server that stored a copy of the stolen database and was accessible without any authentication controls, as discovered by an anonymous security researcher. Passwords were stored in plaintext, revealing a lack of basic encryption protections for user credentials. The company's CEO confirmed the incident after being contacted by the FBI, acknowledging unauthorized access to personal data while stating there was no evidence that financial information had been compromised. TechCrunch later verified portions of the breach details through outreach to affected users, although the exact recency of the exposed data remained uncertain due to undeliverable communications.