GoldSilver Data Breach
GoldSilver Precious Metals Dealer Breach (2018): Customer SSN, Bank Account Numbers, Passport & Full Credit Card Data Exposed
Precious metals dealer and investment education company.
Risk Interpretation
High risk of phishing, fraud, and affluent-customer targeting. Precious-metals purchase history can also create physical-security concerns by signaling ownership of valuable portable assets.
Impact & Downstream Threats
The institutional impact of the 2018 incident on GoldSilver has been moderated by the company's relatively modest public profile and the limited number of records carrying the most severe field types. There has been no public record of regulatory penalty, class-action settlement, or major customer-notification campaign tied to the breach. The reputational risk concentrates in the trust that bullion buyers place in dealer discretion, since precious-metals customers are unusually privacy-conscious
- Financial fraud using exposed financial profile data
- Identity theft and synthetic identity construction using government-issued IDs
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
GoldSilver, a U.S.-based bullion dealer and investment-education company, suffered a data breach disclosed in October 2018 that exposed approximately 243,000 unique email addresses spanning customers and mailing-list subscribers. The breached data, alongside portions of the company's source code, was posted publicly on a dark web service where it remained accessible for months.\n\nThe exposed fields covered names, physical addresses, phone numbers, email addresses, IP addresses, security questions and answers, purchase histories, and passwords stored as MD5 hashes. For a smaller subset of customer records, the breach also exposed Social Security numbers, passport numbers, bank account numbers, and partial credit card data. That subset is the most concerning element of the incident because the combined fields amount to a near-complete identity and financial profile. GoldSilver stated at the time that all affected customers had been directly notified.\n\nFor affected individuals, the practical risk is unusually severe. Bullion customers are an attractive target for both phishing and physical-targeting attempts because purchase histories indicate ownership of high-value portable assets that may be stored at the customer's home. The combination of name, address, and Social Security number is a strong base for identity-fraud and credit-application attacks. Passport and bank account exposure extend the risk into international identity fraud and direct financial theft. Affected customers should treat their identity data as durably compromised, freeze credit at all three U.S. bureaus, monitor financial accounts closely, and maintain heightened awareness of any unsolicited contact referencing precious-metals holdings or storage.
About GoldSilver
GoldSilver is a U.S.-based precious metals dealer and investment education company founded by Mike Maloney. The business operates a direct-to-consumer bullion retail channel, selling physical gold and silver coins, bars, and storage services, alongside an extensive video and book library focused on monetary history and precious-metals investing. Customer accounts tie identity, payment, and shipping data to detailed purchase histories of high-value portable assets. The company is privately held and based in California, with a customer base concentrated in the United States and other English-speaking markets.
Why They Hold Your Data
Bullion retailers collect customer identity, addresses, payment-adjacent records, order history, and precious-metals purchase data across direct-to-consumer commerce workflows.
Recent Developments
GoldSilver has continued to operate as a bullion dealer and educational publisher in the years since the 2018 incident, with founder Mike Maloney remaining a publicly active figure in the precious-metals media space. The company has not been publicly named in any further large-scale breach disclosures. The 2018 dataset was indexed by Have I Been Pwned in late December 2018 and continues to be referenced in breach-tracking services. A sustained rise in gold prices through 2025 and into 2026 has expanded the bullion-dealer customer base, which adds urgency to any historical exposure of customer purchase records.
Data Points Exposed
Exposure Categories
Canonical Fields
bank_account_number, credit_card:partial, email_address, full_name, ip_address, passport_number, phone_number, physical_address, security_qa, ssn, transaction_history:purchase
Dark Web Verification
- Dataset containing ~243K records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: GoldSilver Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of GoldSilver
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam