Two two American gun shops, Rainier Arms and Numrich Gun Parts, that operate e-commerce sites have disclosed data breaches resulting from card skimmer infections on their sites.
Credit card skimmers are malicious JavaScript code either embedded on the sites or fetched from a remote resource by a seemingly innocuous element, such as a favicon. Their purpose is to steal payment information entered on order checkout pages.
The operators of these skimmers can steal credit card numbers, expiration dates, CVV codes, customer names, phone numbers, and addresses, which is all they need to perform unauthorized online purchases.
Rainier Arms breach
Ranier Arms, who operates on rainierarms.com, says they began receiving reports of unauthorized payment card activity of cards of its customers as early as December 2021.
After conducting an investigation, the company located the malicious card-stealing code on its site on April 21, 2022, and determined that it was actively harvesting payment details between June 1, 2021, and January 19, 2022.
Customers who made online purchases between those dates should consider their credit card details compromised and request a card replacement from your bank.
Rainier Arms sent 46,319 notices to impacted customers, a copy of which can be found on the online portal of Montana’s Attorney General.
Numrich breach
Numrich Gun Parts Corporation, whose website is gunpartscorp.com, suffered a similar breach on its website, which it discovered on March 28, 2022.
The subsequent investigation showed that payment information entered on the site between January 23, 2022, and April 5, 2022, was stolen by an unknown actor.
According to a notice shared with the Office of the Maine Attorney General, the number of affected customers is 45,169, all of whom will receive a data breach notice in the following days.
Impact of exposure
Having your credit or debit card details stolen is a direct threat to your financial integrity as threat actors are enabled to perform unauthorized purchases with your balance, but in this case, that’s not the whole story.
Gun ownership is a sensitive topic in itself, so identifying large firearms purchases could put customers in the crosshairs of criminals who are on the lookout for valuable stashes.
Especially in the case of Rainier Arms, which sells high-end tactical rifles, the scenario can become even more tempting for criminals.
Source: https://www.bleepingcomputer.com/news/security/online-gun-shops-in-the-us-hacked-to-steal-credit-cards/
