Criminals stole details of over 111,000 customers from Guntrader, a website for buying and selling firearms. The breach took place on 21 July.
The SQL database that powers Guntrader.uk’s buy-and-sell website contains records from 2016 to 17 July this year. It includes details such as names, email addresses, hashed passwords, and phone numbers of Guntrader’s users.
Andrew Barratt, UK MD of infosec biz Coalfire, who has analyzed the database, said: “I suspect it was probably a drive-by style attack. So gut feeling looking at the response from the attackers that they posted on forums, [it was] completely un-targeted, it was kind of very much like ‘lol we pulled another site’ and then it’s like, oh, wow.”
Guntrader notified all the affected users on 21 July.
“The Information Commissioner’s Office was informed within hours of the breach being discovered and since then we have been working with them and the other relevant agencies to mitigate whatever impact if any this might have upon Guntrader’s users,” Guntrader spokesman Simon Baseley told The Register.
Baseley did not answer The Register’s questions about why Guntrader’s website currently carries no update about the incident.
Guntrader is similar to Gumtree, where users can post ads and potential buyers can get in touch. It’s also used by gun shops to register weapons and keep track of them.
British firearms laws require that every transfer of a gun be recorded. This procedure is rather time-consuming and involves reporting to the police when necessary. Guntrader’s goal was to provide a simple and automated way for users to manage all of their gun trading needs. The website generates emails that contain legally required data for police firearms licensing units. These emails, however, do not seem to have leaked.
The leaked data from the stolen database comprises latitude and longitude data, first and last names, the police force that issued an RFD’s certificate, phone numbers, fax numbers, bcrypt-hashed passwords, postcodes, postal addresses, and users’ IP addresses.
While no credit card numbers were included, logs of payments were, as were details that seem to be SHA-256 hashed strings for payments.