hacked, significant personal information leaked


As the domain name indicates, is a major Minnesota, US-based platform to buy and sell guns online. It is also home to news and updates for gun owners and enthusiasts around the world. However, on March 9th, 2021, a database apparently belonging to was dumped on an infamous hacker forum.

The actor behind the data dump claimed that it includes a complete database of along with its source code. They further added that the breach took place somewhere around the end of 2020 and the data was sold privately meaning on Telegram channels or dark web marketplaces.

What data has been leaked?
According to’s analysis, the data contains highly sensitive information of’s administrators and customers including:

• User IDs
• Full names
• Almost 400,000 email addresses
• Password hashes
• Physical addresses
• Zipcodes
• City
• State
• Magneto IDs
• Phone numbers
• Account creation date

One of the folders in the leaked database includes customers’ bank account details including:

• Full name
• Bank name
• Account type
• Dwolla IDs
However, credit card numbers or VCC numbers were not leaked. admin login credentials also leaked
Additionally, an Excel file in the database as seen by seems to contain sensitive login details of including its administrator’s WordPress, MYSQL, and Cloud (Azure) credentials. However, it is unclear whether these credentials are recent, old, or already changed by the site’s administrators amid the breach.

This can have a devastating effect on the company since all admin credentials including admin emails, passwords, login links, and server addresses are in plain text format. acknowledged the breach on a limited level
On January 13th, 2021, published a letter on its website in which the company acknowledged the breach. However, the breach was blamed on third parties with whom work.

The company further claimed that “There was no indication of any attempt to compromise data” yet the alleged database is currently circulating on infamous English and Russian speaking hacker forums.

“On Monday, January 11th, was the victim of a malicious cyber-attack designed solely to prevent our business from operating. This attack was highly sophisticated, was targeted at third parties with which we work, and was designed to take down our website. The actual attack lasted less than 10 minutes, but the damage was temporarily done to our website’s ability to be displayed properly. There was no indication of any attempt to compromise data – this was purely designed to cause business disruption to”,  the company maintains in its letter to customers and partners.”


Please enter your comment!
Please enter your name here