The gun sales site Gunauction.com has had its database breached. The data exposed belonged to 550,000 users, including customers’ full names, home addresses, email addresses, plaintext passwords, and telephone numbers.

My advice is that you make sure that you change your passwords for that site using password best practices.


4 Comments

It's just Boris · March 3, 2023 at 7:32 am

“TechCrunch analyzed a sample of the stolen data, and reached out to 100 people via email and 60 via phone call. Of those, 10 people confirmed that the data contained in the stolen database was accurate.”

Based on this admittedly small sample, I’d estimate that just over 6% of people are susceptible to spear phishing. I’m not sure whether to be happy it’s that low, or worried that it’s that high.

Seriously … If you thought your credentials and info were stolen, would you confirm not only the theft, but that the info they had was accurate, to a random journalist?

Eric Wilner · March 3, 2023 at 9:59 am

Plaintext passwords.
In the database.
Excuse me, what century are we in?

TB · March 3, 2023 at 10:01 am

Reading through the password tips, I’d never considered the spellchecker and “save as a real word”. Thank you.

It got me to wonder – what about the clipboard on a phone? It seems to store the last _x_ clips.

anonymous coward · March 4, 2023 at 7:58 pm

Real world IT security cost $$$, most companies think they can obtain the same results – by having the proper policies in place skipping the cost of hardware, software and people.

Comments are closed.