Major security breach affecting thousands of UK gun owners
Guntrader, the UK’s largest online marketplace for guns, has been hacked and its users’ personal data, including postal and email addresses and phone numbers, has been offered for a token fee on a hacking forum.
According to experts who have seen the stolen data, the hackers have records of more than 100,000 individual accounts.
As well as the gun sales aspect of the website, Guntrader also offers a ‘client relations management’ service to gun shops who use its systems to record their transactions and to maintain a profile of what was bought by individual customers. We have been able to establish that some of the data stolen came from gun shop customers who were unaware that Guntrader was storing their information.
Computer security experts who spoke anonymously suggested that a technique called SQL injection may have been used to target the website.
SQL injection exploits well-known and easily fixed security flaws to attack and steal the databases that a website relies on. If this is correct, it suggests that serious and basic security flaws were not identified and tackled.
So far there is nothing to suggest the involvement of animal rights or anti-shooting campaigners in the hack. The information was dumped online by a known hacker with a track record of previous attacks on websites. However, there is now little to stop such groups accessing the data.
While Guntrader insisted that the data did not show who held guns, others pointed out that membership of Guntrader is in itself a strong indicator of gun ownership. Worryingly, other databases besides the membership database were also stolen; these include a database recording ammunition sales as well as transfer records and a large amount of other data.
What to do if you think you might have been caught up in the attack
Do not attempt to access the hacked data – the files that are available online contain ‘malware’ which could be used to steal your personal information. They should only be handled by computer security experts.
Check if you have been caught up in the attack by entering your email address or phone number at haveibeenpwned.com.
If your data has been stolen and you have used the same password for Guntrader as for other sites, you should urgently consider changing that password on those other sites.
Ensure a high standard of physical security for your guns and ammunition and report any concerns to the police.
Shooting UK has contacted Guntrader for comment and will update this article if and when a response is received.