GoldSilver 2018 Data Breach

GoldSilver Precious Metals Dealer Breach (2018): Customer SSN, Bank Account Numbers, Passport & Full Credit Card Data Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MisconfigurationRetailBank Account NumberCredit CardEmail AddressFull NameIP AddressPassport NumberPhone NumberPhysical Address
High SeverityWebsite / service breach

GoldSilver Precious Metals Dealer Breach (2018): Customer SSN, Bank Account Numbers, Passport & Full Credit Card Data Exposed

Precious metals dealer and investment education company.

Verified by ObscureIQ Intelligence
65/100Breach Risk Index
70Data Value
10Market Recency
2678dSince Breach

Breach Intelligence Summary

Entity: GoldSilver · Actor: Unknown · Sources: 4 references
Attack: Misconfiguration
Profile: Company · Precious metals sales and investment · Direct-to-consumer bullion retailer · USA
Timeline: Breach (2018-10-21) · Indexed (Dec 27, 2018) · Year (2018)
Exposure: 243K records · 11 fields: Bank Account Number, Credit Card, Email Address, Full Name, IP Address, Passport Number, Phone Number, Physical Address, Security Q&A, Social Security Number, Transaction History
Status: Confirmed

Executive Summary

GoldSilver, a U.S.-based bullion dealer and investment-education company, suffered a data breach disclosed in October 2018 that exposed approximately 243,000 unique email addresses spanning customers and mailing-list subscribers. The breached data, alongside portions of the company's source code, was posted publicly on a dark web service where it remained accessible for months.\n\nThe exposed fields covered names, physical addresses, phone numbers, email addresses, IP addresses, security questions and answers, purchase histories, and passwords stored as MD5 hashes. For a smaller subset of customer records, the breach also exposed Social Security numbers, passport numbers, bank account numbers, and partial credit card data. That subset is the most concerning element of the incident because the combined fields amount to a near-complete identity and financial profile. GoldSilver stated at the time that all affected customers had been directly notified.\n\nFor affected individuals, the practical risk is unusually severe. Bullion customers are an attractive target for both phishing and physical-targeting attempts because purchase histories indicate ownership of high-value portable assets that may be stored at the customer's home. The combination of name, address, and Social Security number is a strong base for identity-fraud and credit-application attacks. Passport and bank account exposure extend the risk into international identity fraud and direct financial theft. Affected customers should treat their identity data as durably compromised, freeze credit at all three U.S. bureaus, monitor financial accounts closely, and maintain heightened awareness of any unsolicited contact referencing precious-metals holdings or storage.

ObscureIQ assessment: High risk of phishing, fraud, and affluent-customer targeting. Precious-metals purchase history can also create physical-security concerns by signaling ownership of valuable portable assets.

Breach Impact

The institutional impact of the 2018 incident on GoldSilver has been moderated by the company's relatively modest public profile and the limited number of records carrying the most severe field types. There has been no public record of regulatory penalty, class-action settlement, or major customer-notification campaign tied to the breach. The reputational risk concentrates in the trust that bullion buyers place in dealer discretion, since precious-metals customers are unusually privacy-conscious. GoldSilver stated at the time that all affected customers had been notified directly. The publication of the company's source code alongside the customer data created additional concerns about ongoing platform security.

About GoldSilver

GoldSilver is a U.S.-based precious metals dealer and investment education company founded by Mike Maloney. The business operates a direct-to-consumer bullion retail channel, selling physical gold and silver coins, bars, and storage services, alongside an extensive video and book library focused on monetary history and precious-metals investing. Customer accounts tie identity, payment, and shipping data to detailed purchase histories of high-value portable assets. The company is privately held and based in California, with a customer base concentrated in the United States and other English-speaking markets.

Why They Hold Your Data

Bullion retailers collect customer identity, addresses, payment-adjacent records, order history, and precious-metals purchase data across direct-to-consumer commerce workflows.

Recent Developments

GoldSilver has continued to operate as a bullion dealer and educational publisher in the years since the 2018 incident, with founder Mike Maloney remaining a publicly active figure in the precious-metals media space. The company has not been publicly named in any further large-scale breach disclosures. The 2018 dataset was indexed by Have I Been Pwned in late December 2018 and continues to be referenced in breach-tracking services. A sustained rise in gold prices through 2025 and into 2026 has expanded the bullion-dealer customer base, which adds urgency to any historical exposure of customer purchase records.

Data Points Exposed

11 verified field types
Bank Account Number Critical
Credit Card Critical
Email Address
Full Name High
IP Address
Passport Number Critical
Phone Number
Physical Address High
Security Q&A Critical
Social Security Number Critical
Transaction History High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Financial fraud using exposed financial profile data
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • ACH fraud & unauthorized transfers
  • Card-present & card-not-present fraud
  • Card identification & social engineering
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Geolocation & account flagging
  • International identity fraud & border exploitation
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Account recovery hijacking
  • Full identity theft & synthetic identity fraud
  • Lifestyle profiling & targeted fraud

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the GoldSilver breach?

GoldSilver, a U.S.-based bullion dealer and investment-education company, suffered a data breach disclosed in October 2018 that exposed approximately 243,000 unique email addresses spanning customers and mailing-list subscribers. The breached data, alongside portions of the company's source code,…

What data was exposed?

Verified fields include Bank Account Number, Credit Card, Email Address, Full Name, IP Address, Passport Number, Phone Number, Physical Address, Security Q&A, Social Security Number, Transaction History.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
BreachForums_Official_Index
Independent catalogue listing
Cross-source
Keeper
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation