Hackers breached a website that allows people to buy and sell guns, exposing the identities of its users, TechCrunch has learned.
The breach exposed realms of sensitive personal data for more than 550,000 users, including customers’ full names, home addresses, email addresses, plaintext passwords, and telephone numbers. Also, the stolen data allegedly makes it possible to link a particular person with the sale or purchase of a specific weapon.
“With this data, you can then take a public listing…and resolve it back to the [data in the stolen database] so you have the name, email and physical address and phone number of [the seller] and presumably, the location of the gun,” Troy Hunt, a cybersecurity expert who runs the popular data breach repository and alerting service Have I BeenPwned, told TechCrunch. (The researcher who found the breach shared the data with Hunt so he can upload it to Have I BeenPwned.)
At the end ...