/https://specials-images.forbesimg.com/imageserve/5f37a0043c032729f4cc84f7/0x0.jpg)
Gun owners advised to beware of phishing threats after stolen data advertised on dark web
picture alliance via Getty Images
A Bleeping Computer report has warned that users of a popular gun exchange site may have had their email addresses, usernames and passwords stolen.
An August 10 posting on a cybercrime forum says it is giving away stolen databases, containing a total of 240,000 records from the Utah Gun Exchange, for free. The same hacker is also offering two other smaller stolen databases, one from a hunting site and another from a “kratom” herb site, again with no payment required.
What links all three, according to information supplied to the publication by threat intelligence specialists, is that all of the advertised databases were all from Utah-based businesses hosted on the same Amazon cloud server.
Cloud security problems
Lawrence Abrams, reporting for Bleeping Computer, said that the actual data from each site is different but “consists of email addresses, login names, and hashed passwords.” Abrams also confirmed that while it had not been possible to validate all the exposed data within these databases, many of the email addresses did belong to registered site users.
It is believed, given that July 16 is the last date stamp on any of the database records, a breach could have occurred then. If this is, indeed, the case, then a misconfiguration of the cloud server “buckets” could well be the root cause.
Chris Hauk, a consumer privacy champion at Pixel Privacy, agrees that “at first glance, this appears to be another case of databases stored on Amazon’s AWS service that were not properly secured.”
“Cloud storage solutions are convenient and cost-effective, but we must not forget that proper configuration of any cloud service means configuring components, like S3 buckets, securely,” Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre (CyRC) said. “Securely in this context implies a review of the security requirements for the data stored,” Mackey added, and “also ensures that regulations like the Privacy Act 2020 are respected.”
I have reached out to the Utah Gun Exchange to request a statement. I will update this article in due course with any response.
Mitigate the risk of targeted ‘spear-phishing’ attacks
In the meantime, it would seem to me to make good security sense to assume that if you are a Utah Gun Exchange user, or either of the other sites that are referenced in the original report, your account credentials may have been compromised.
“Affected users should change their passwords to a secure and unique password, while also making sure they do not use the same password on any other sites,” Hauk said, “they should also keep a wary eye out for email phishing attempts targeted at their demographic.”
This latter point, about the “spear-phishing” potential, is well worth taking in. Any savvy cyber-criminal will customize an initial attack to have the air of validity. In this case, that could mean emails asking you to click a link to reset your password to the site concerned, or something of gun-themed interest that looks to good to pass up.