United Kingdom Privacy Security

Hole Blasted In Guntrader: UK Firearms Sales Website's CRM Database Breached, 111K Users' Info Spilled Online (theregister.com)

Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The Register reports: The Guntrader breach earlier this week saw the theft of a SQL database powering both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The database contains names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords. It is a severe breach of privacy not only for Guntrader but for its users: members of the UK's licensed firearms community. Guntrader spokesman Simon Baseley told The Register that Guntrader.uk had emailed all the users affected by the breach on July 21 and issued a further update yesterday.

Guntrader is roughly similar to Gumtree: users post ads along with their contact details on the website so potential purchasers can get in touch. Gun shops (known in the UK as "registered firearms dealers" or RFDs) can also use Guntrader's integrated gun register product, which is advertised as offering "end-to-end encryption" and "daily backups", making it (so Guntrader claims) "the most safe and secure gun register system on today's market." [British firearms laws say every transfer of a firearm (sale, drop-off for repair, gift, loan, and so on) must be recorded, with the vast majority of these also being mandatory to report to the police when they happen...]

The categories of data in the stolen database are: Latitude and longitude data; First name and last name; Police force that issued an RFD's certificate; Phone numbers; Fax numbers; bcrypt-hashed passwords; Postcode; Postal addresses; and User's IP addresses. Logs of payments were also included, with Coalfire's Barratt explaining that while no credit card numbers were included, something that looks like a SHA-256 hashed string was included in the payment data tables. Other payment information was limited to prices for rifles and shotguns advertised through the site.
The Register recommends you check if your data is included in the hack by visiting Have I Been Pwned. If you are affected and you used the same password on Guntrader that you used on other websites, you should change it as soon as possible.
  • Wouldn't that be the smallest breach ever? There are more names in the Vatican's "we gotta transfer these guys" database.
  • When they said thugs will grab your registered firearms....
  • So the criminals are going to pester armed citizens? So what could possibly go wrong...for them?

    • Fool. (Score:5, Informative)

      by gurps_npc ( 621217 ) on Friday July 23, 2021 @09:49PM (#61614449) Homepage

      You are a total fool. These criminals specifically know their victims have guns. They will come FOR those guns and they will be prepared. They will be specifically targeting people that own multiple weapons.

      Can an honest citizen with a gun defend themselves? Yes. If they are ready and prepared for it and the criminal is not.

      Can a citizen that has no idea armed criminals are coming to steal their firearms beat them? No chance.

      None at all. The criminals may wait till the gun owner leaves the house. If the gun owner is in the country they will do a full armed invasion, wearing body armor.

      Ambush beats machismo. No matter how much of an arrogant gun nut you are, you WILL lose if a team of body armor wearing armed thugs come for you. Especially if they wait until you go to work.

      • Re: (Score:2, Troll)

        by Ostracus ( 1354233 )

        Gurps_npc meet the NRA. NRA meet Gurps_npc. Apparently one of you believes your guns will protect you from a corrupt government. The other? Well they have body armor.

      • So you don't actually own guns. You can't even run off with my arsenal of weapons because the ammo cans weigh down the weapons locker too heavily to run off with. Besides they might be too busy trying to run off with mason jars of cannabis for personal use. Meanwhile get several rounds of .308 in their upper torso from my AR-10. This is assuming they survived the home alarm and the pit bull that, aside from intruders, is the biggest lapdog baby I've ever seen.
        • by Cederic ( 9623 )

          Well done, you've just demonstrated that you're not in the UK and have no fucking clue about UK law.

          Hint: If you're able to respond to an alarm with a loaded .308 in the UK, you're about to lose the AR-10, your FAC and your liberty.

          • Sounds like I'm better off in USA if that's the consequences to defending my home against invaders.

            • by Cederic ( 9623 )

              Sounds like you'd be better off in the UK if you currently live somewhere that home invaders are a credible risk.

      • I can't believe this got modded up. TFA says it was untargeted. Just a random sql exploit that gained attention because of a thin connection to gun ownership. People don't read anymore I guess.
        • by nagora ( 177841 )

          I can't believe this got modded up. TFA says it was untargeted.

          And no one can download the result, is that what you think?

          • Um, no. I already downloaded it. It's of no more consequence than any other db leak. If you're dumb enough to re-use your passwords, you might be in trouble. But 2FA exists to protect dumb people from their dumb actions anyway. I imagine the gun people are probably slightly dumber than most but not enough for this to be a big deal.
      • "They will come FOR those guns and they will be prepared. They will be specifically targeting people that own multiple weapons." overestimates how criminals work, and the sort who HAVE firearms don't need to do home invasions to obtain them. Unarmed BURGLARS on the other hand can lie in wait....

        Most home firearms thefts are not home invasions. Perhaps you should study your subject or not express an utterly uninformed, ignorant opinion. The citizen may also employ a gun safe, alarms and a security system as

    • This is your takeaway? You think they're after your stockpile of canned food?
    • by fermion ( 181285 )
      No, these are invaders' and terrorists' first target. Armed citizens pose little threat when the house is blown up in the middle of the night. In the US it is so much simpler. Any terrorist can buy a copy of the NRA list.
      • by Nonesuch ( 90847 )

        Any terrorist can buy a copy of the NRA list.

        There is no "NRA List". The closest thing available is a mailing list sold by the NRA containing names and addresses for former members.

        NRA claims about 5 million members, yet recent surveys find that about 40% of adult Americans own a gun or live with someone who does -- 83 million armed citizens

  • A vaguely positive aspect of this is that we banned handguns, so the weapons revealed by this hack are 'only' rifles and shotguns. But in a country where there is a thriving trade in illegal guns at high prices, this is very bad news.

    https://www.standard.co.uk/new... [standard.co.uk]

    • Agree to an extent, but there was absolutely no justification for the incoming Blair government to ban small calibre rimfire target pistols in 1997. It means that the British Olympic team has to train abroad. A ridiculous piece of 'think of the children' legislation that should be repealed.

  • It was Obama he's coming to take their guns.

  • Puhleeze. Guns in the UK are not a thing. There was nothing more disturbing than walking into Holland & Holland in London and seeing the three or four high-end hunting rifles. It's now a clothing store for the most part. Purdey was a little better but the cheapest thing in there was $40,000.
