Login database at your store hacked?

Status
Not open for further replies.

chris

Member
Hi,

Curious if I need to do anything?

I use Avast antivirus and I just got an email that said "we’ve just found your password in a database of leaked login details. "

It says:

Canadaammo.com
77,468 accounts affected
At an unknown date, the Canadian gun and knife site Canada Ammo was allegedly breached. The stolen data contains usernames, passwords, email addresses, IP addresses, and additional personal information. This breach is being privately shared on the internet.
 
idk how passwords could be stolen unless a 10 year old made the database. it's pretty common to hash passwords so they never get stored, and only compared with another hash. but i have seen plain text passwords stored so it's possible
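The hash-and-compare storage described in the post above, as an added example that is not part of the original thread or of any site's code. The function names, the record layout and the scrypt cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values for this sketch; tune for your hardware)
N, R, P, DKLEN = 2**14, 8, 1, 32


def make_record(password: str) -> str:
    """Return what the users table stores: salt and derived hash, never the password."""
    salt = secrets.token_bytes(16)  # unique per account
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"


def check_password(candidate: str, record: str) -> bool:
    """Re-derive the hash from a login attempt and compare it with the stored one."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = record.split("$")
        if scheme != "scrypt":
            return False
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        derived = hashlib.scrypt(candidate.encode(), salt=salt,
                                 n=int(n), r=int(r), p=int(p), dklen=len(stored))
    except ValueError:
        return False  # malformed or corrupted record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(derived, stored)


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share one password.
    rec_a = make_record("correct horse battery")
    rec_b = make_record("correct horse battery")
    print(rec_a)
    print(rec_b)  # different salt, so a different stored value
    print(check_password("correct horse battery", rec_a))  # True
    print(check_password("wrong guess", rec_a))            # False
```

A leaked table of records like these can still be attacked by offline guessing, so a weak or reused password should be changed after a breach even when the site hashed it.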
 
Jeezus Chrisp.

Yes you do need to do something. Assume "they" have your cc number, your address and email...perhaps phone number as well? That's more than enough to make another "you".

Dump your cc, change all passwords and curse Canada Ammo for not informing us.
 
idk how passwords could be stolen unless a 10 year old made the database. it's pretty common to hash passwords so they never get stored, and only compared with another hash. but i have seen plain text passwords stored so it's possible

I just came across a homebrew system that was made by a guy who learned to code with no formal computer science training. His system does not hash passwords or sanitize for SQL injection, but was sold to a bunch of non-profits because that's all they wanted to pay. One even contains people's SIN.

I also have a client and various suppliers that still take credit card numbers over the phone. And I know one of them puts them in a spreadsheet to be sent off to their accountant.

Not that I have any data to support this, but I'm convinced that for the most of us, some criminal somewhere already has our credit card info.
 
Thanks for sharing with us OP, geez I ordered from them during their Halloween sale, I don't recall if I have made an account with them or not.

I have about 35 different services who direct bill to my CC, it is such a pain in the rear to get a new card and contact all my services and change the CC billing info (literally a full 8 hour day). I'll take my chances, CC will always reimburse fraudulent charges anyways.

Will be waiting for CanadaAmmo to chime in
 
I got the same warning from Avast. For anyone curious, here it is.

v2xApZj.png
 
I'm not very knowledgeable when it comes to tech but if people's home addresses were also compromised couldn't this be used by criminals to target homes for theft?
 
Jeezus Chrisp.

Yes you do need to do something. Assume "they" have your cc number, your address and email...perhaps phone number as well? That's more than enough to make another "you".

Dump your cc, change all passwords and curse Canada Ammo for not informing us.
Just checked my account to change password. They do have my old credit card # on file
 
I'm not very knowledgeable when it comes to tech but if people's home addresses were also compromised couldn't this be used by criminals to target homes for theft?

Absolutely. Also I believe PAL numbers were stored in the account as well for purchasing firearms and ammo.
 
I did buy something from them a while ago. I think CanadaAmmo needs to come out here to make the community aware.
 
I'm not very knowledgeable when it comes to tech but if people's home addresses were also compromised couldn't this be used by criminals to target homes for theft?

Yes, it is possible.

Most likely, believe it or not, the information is sold to scammers who will now target you with phishing emails or phone calls to actively scam you. They will use the knowledge of your address, credit card number and so forth to try to make themselves look official. Most likely they will try to spoof Canada Revenue Agency official correspondence because it is tax time!

Biggest advice for anyone who thinks they were in the hack: do not reply to ANY email, letter, mail or phone call from someone at this time. Make sure you ask for a reference number and then call that agency or company back on known numbers. Do NOT say the word Yes at any time, do not agree to anything. Only ask for a reference number. They will be insistent. They may threaten police action.

Also get your free once a year credit check in about 4 months from TransUnion or Equifax to check for issues.

The chances of identity theft are low because that takes some work. It is easier for them to contact you and scam you with your permission.
 
Thanks for posting this. I hope most people exercise good cybersecurity practices and use different passwords for every account; password managers are pretty much a requirement these days since everything forces you to make an account. This is also exactly why I hate the policy of some retailers in requiring copies of driver's licences to purchase NR firearms. Not only is it unnecessary and not legally required, but it is not safe practice imo. I avoid buying from any place that would require me to do so.
 
I just came across a homebrew system that was made by a guy who learned to code with no formal computer science training. His system does not hash passwords or sanitize for SQL injection, but was sold to a bunch of non-profits because that's all they wanted to pay. One even contains people's SIN.

I also have a client and various suppliers that still take credit card numbers over the phone. And I know one of them puts them in a spreadsheet to be sent off to their accountant.

Not that I have any data to support this, but I'm convinced that for the most of us, some criminal somewhere already has our credit card info.

where's the puke face smiley?
 
Hi,

Curious if I need to do anything?

I use Avast antivirus and I just got an email that said "we’ve just found your password in a database of leaked login details. "

It says:

Canadaammo.com
77,468 accounts affected
At an unknown date, the Canadian gun and knife site Canada Ammo was allegedly breached. The stolen data contains usernames, passwords, email addresses, IP addresses, and additional personal information. This breach is being privately shared on the internet.

First, check that the original e-mail is actually from Avast and not a phishing/spoof scam. Second, change your password(s), but NEVER use a link from any e-mail. Go to the corporate website.
 
Two pages worth of questions during mid-week and zero response from CanAm!? The silence is deafening!! Delete, edit, delete, delete...they are obviously unworthy of my trust.
 
idk how passwords could be stolen unless a 10 year old made the database. it's pretty common to hash passwords so they never get stored, and only compared with another hash. but i have seen plain text passwords stored so it's possible

Yes even the big guys can be dumb. Sony Entertainment stored CC numbers, names and addresses in plain text for ages until the massive data breach a few years ago.

https://haveibeenpwned.com/ check yourself
 