Login database at your store hacked?

[bacardi]

I did buy something from them a while ago. I think CanadaAmmo needs to come out here to let the community aware.

[Goldman]

Posted in error

[Aniest]

Im not very knowledgeable when it comes to tech but if peoples home addresses were also compromised couldn't this be used by criminals to target homes for theft?

Yes, it is possible.

Most likely, believe it or not, the information is sold to scammers who will now target you with phishing emails or phone calls to actively scam you. They will use the knowledge of your address, credit card number and so forth to try to make themselves look official. Most likely they will try to spoof Canada Revenue Agency official correspondence because it is tax time!

Biggest advice for anyone who thinks they were in the hack: do not reply to ANY email, letter, mail or phone call from someone at this time. Make sure you ask for a reference number and then call that agency or company back on known numbers. Do NOT say the word Yes at any time, do not agree to anything. Only ask for a reference number. They will be insistent. They may threaten police action.

Also get your free once a year credit check in about 4 months from TransUnion or Equifax to check for issues.

The chances of an identity theft is low because that takes some work. It is easier for them to contact you and scam you with your permission.

[seamus]

thanks for posting this, I hope most people excercise good cybersecurity practices and use different passwords for every account, password managers are pretty much a requirement these days since everything forces you to make an account. This is also exactly why I hate the policy of some retailers in requiring copies of driver's licence's to purchase NR firearms, not only is it unnecessary and not legally required, but is not safe practice imo. I avoid buying from any place that would require to do so.

[JaysonCraig]

I just came across a homebrew system that was made by a guy who learned to code with no formal computer science training. His system does not hash passwords or sanitize for SQL injection, but was sold to a bunch of non-profits because that's all they wanted to pay. One even contains people's SIN.

I also have a client and various suppliers that still take credit card numbers over the phone. And I know one of them puts them in a spreadsheet to be sent off to their accountant.

Not that I have any data to support this, but I'm convinced that for the most of us, some criminal somewhere already has our credit card info.

wheres the puke face smiley?

[testosteronecyp]

I HAVE been getting a lit of phishing texts lately pretending to be various Canadian banks. Literally in the last couple weeks.

[Trimmer 905]

Hi,

Curious if I need to do anything?

I use Avast antivirus and I just got an email that said "we’ve just found your password in a database of leaked login details. "

It says:

Canadaammo.com
77,468 accounts affected
At an unknown date, the Canadian gun and knife site Canada Ammo was allegedly breached. The stolen data contains usernames, passwords, email addresses, IP addresses, and additional personal information. This breach is being privately shared on the internet.

First,check that the original e-mail is actually from Avast and not a phishing/spoof scam. Second,change your password(s),but,NEVER use a link from any e-mail. Go to the corporate website.

[Painkillers]

Two pages worth of questions during mid-week and zero response from CanAm!? The silence is deafening!! Delete, edit, delete, delete...they are obviously unworthy of my trust.

[CanAm]

Just saw this thread. I have not heard this info before, but will investigate immediately

[captainamazing]

idk how passwords could be stolen unless a 10 year old made the database. its pretty common to hash passwords so they never get stored, and only compared with another hash. but i have seen plain text passwords stored so its possible

Yes even the big guys can be dumb. Sony Entertainment stored CC numbers, names and addresses in plain text for ages until the massive data breach a few years ago.

https://haveibeenpwned.com/ check your self