Breach Database / GoldSilver
Yes — GoldSilver was breached.
- 242,715 accounts affected
- Breach occurred 2018-10-21 · goldsilver.com
- Verified entry in the Have I Been Pwned catalog
What happened
In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers. An extensive amount of personal information on customers was obtained including names, addresses, phone numbers, purchases and passwords and answers to security questions stored as MD5 hashes. In a small number of cases, passport, social security numbers and partial credit card data was also exposed. The data breach and source code belonging to GoldSilver was publicly posted on a dark web service where it remained months later. When notified about the incident, GoldSilver advised that "all affected customers have been directly notified".
What data was exposed
- Bank account numbers
- Email addresses
- IP addresses
- Names
- Partial credit card data
- Passport numbers
- Phone numbers
- Physical addresses
- Purchases
- Security questions and answers
- Social security numbers
What to do right now
- Watch your card and bank statements. Set up transaction alerts, and consider a card freeze or replacement if the exposure included full card numbers.
- Freeze your credit. A credit freeze at the major bureaus is free and blocks new accounts from being opened in your name.
- Be alert for smishing and SIM-swap attempts. Treat unexpected texts and "carrier" calls with suspicion; add a PIN/port-freeze with your mobile carrier.
- Watch for targeted phishing mail. A leaked home address makes postal and doorstep scams more convincing.
- Reset security questions everywhere you used the same answers. Treat leaked security answers like leaked passwords — they rarely change and unlock account recovery.
- Expect convincing phishing emails. Attackers use breached details to write personalized emails. Be suspicious of any message referencing this service.
- Check your other accounts on Have I Been Pwned. Your email address may appear in other breaches you don't know about yet.
- Monitor the apps you use going forward. Clearly watches the breach record for the companies behind your apps and alerts you the moment one appears.
Breach data from Have I Been Pwned. Listing here means the service appears in the public breach record — not that your personal data was affected.