Jump to content

Guntrader Hacked

grahamch

By grahamch,
in General Shooting Matters

 Share

Recommended Posts

Good shot?

Good shot?

Posted
Posted (edited)

 

Part Copy email l received

Data relating to approximately 110,000 users held within guntrader.uk has been published on the dark web.

 

The South West Regional Organised Crime Unit's Cyber Crime Unit, supported by the National Crime Agency are currently investigating the breach. The link to this data is no longer available and work is being done to understand who has viewed the data and identify those responsible for the breach.

 

Gun Trader have contacted the Information Commissioner to report the breach and have contacted all affected users.

 

The investigation to date has not highlighted any increased risk to any specific individual exposed by the data breach. However, the data breach heightens any potential risk by putting all of the data in a single place. 

 

 

Firearms Licensing

 

  • Review your general security arrangements - The Firearms Security Handbook 2020, published by the Home Office is available here.
      • Regularly check, maintain and use any Alarm / CCTV system / Security lighting
      • Check your cabinet fixings - consider adding / replacing fixings or re-siting your cabinet(s) to a location which frustrates any attempt to open or fully remove the cabinet, such as a corner.
      • Ensure that you keep any keys to your cabinet(s) in a place where they cannot be easily found. Criminals are aware of the habit of 'hiding' keys in a drawer, so think carefully about the hiding place. An option is to keep keys in a small combination safe. Another option is opt for a gun cabinet which uses a combination lock.
      • Consider splitting your guns across more than one cabinet located in different locations within your address, i.e. storing shotgun barrels in a separate cabinet. This helps to prevent the theft of any fully assembled, working firearm.
      • Should you wish for any specific security advice, please contact the unit by email – Firearms.Licensing@merseyside.police.uk detailing your query. An Enquiry Officer will contact you to discuss.
  • Remain vigilant and report any suspicious activity to police - either online, by phone on 101, or 999 in the case of an emergency
  • Should you wish to advertise any item held on your certificate(s), it would be advisable to use a different contact number to the one originally used to sign up to Gun Trader. This is due to the relative ease in identifying a current seller's address using the contact number as a unique identifier once in possession of the leaked data. Should you have any concerns in relation to any potential buyer, please contact the Firearms Licensing Unit 

 

 

Cyber Security

 

The following advice has been provided by Merseyside Police's Cyber Crime Unit. Although no financial information has been leaked from the Gun Trader website, it is important to change your password on any other user accounts to which you use the same password.

 

Protect Advice 

 

Please find some useful links below which is National Guidance from NCSC on Cyber Protection Tips, advice and guidance, these are great free resources and worthy of your time to read through :  

 

https://www.ncsc.gov.uk/cyberaware                   

   

Another great webpage which you may wish to look at is the below – Have I been Pwned – This allows you to put in your email address and let you see if any of your Emails or Passwords have been compromised in the past, this also allows you to check your passwords and identify if they have been breached.  

 

https://haveibeenpwned.com/

 

If you receive suspicious Emails that you believe are phishing emails I would suggest that you report the email you received to the NCSC suspicious email reporting service (SERS) which you can find the link below.  This will allow us to build up the intelligence picture and prevent this from happening to anyone else:

 

https://www.ncsc.gov.uk/information/report-suspicious-emails   

 

This site has step by step guides on how to enable two multi factor authentication which is a security feature on various sites that you may use to make them more secure. 

 

https://www.turnon2fa.com/tutorials/

 

In the unfortunate event that you do fall victim to Cyber Crime or Fraud, then please report the matter to Action Fraud on 0300 123 2040.  Action Fraud are now available 24/7, 365 days a year.  You are also able to report a crime via the Action Fraud Website www.actionfraud.police.uk

 


Firearms & Explosives Licensing Manager
CSD Firearms & Explosives



 

               

 

Edited by Good shot?
Removed contact details
Link to comment
Share on other sites
Good shot?

Good shot?

Posted
Posted
5 hours ago, Jaymo said:

Maybe the have some experts following the breach?

But, how can Guntrader’s breach give rise to any info on your security arrangements? 
 

Good Shot, Are you sure the email that was received actually came from your Firearms department and isn’t a ‘phishing’ exercise? Be wary of replying to any email received. 
 

Jaymo, I have firearms office in my contacts and it came from them.

Link to comment
Share on other sites
Scully

Scully

Posted
Posted
On 11/08/2021 at 23:25, Good shot? said:

 

Part Copy email l received

Data relating to approximately 110,000 users held within guntrader.uk has been published on the dark web.

 

The South West Regional Organised Crime Unit's Cyber Crime Unit, supported by the National Crime Agency are currently investigating the breach. The link to this data is no longer available and work is being done to understand who has viewed the data and identify those responsible for the breach.

 

Gun Trader have contacted the Information Commissioner to report the breach and have contacted all affected users.

 

The investigation to date has not highlighted any increased risk to any specific individual exposed by the data breach. However, the data breach heightens any potential risk by putting all of the data in a single place. 

 

 

Firearms Licensing

 

  • Review your general security arrangements - The Firearms Security Handbook 2020, published by the Home Office is available here.
      • Regularly check, maintain and use any Alarm / CCTV system / Security lighting
      • Check your cabinet fixings - consider adding / replacing fixings or re-siting your cabinet(s) to a location which frustrates any attempt to open or fully remove the cabinet, such as a corner.
      • Ensure that you keep any keys to your cabinet(s) in a place where they cannot be easily found. Criminals are aware of the habit of 'hiding' keys in a drawer, so think carefully about the hiding place. An option is to keep keys in a small combination safe. Another option is opt for a gun cabinet which uses a combination lock.
      • Consider splitting your guns across more than one cabinet located in different locations within your address, i.e. storing shotgun barrels in a separate cabinet. This helps to prevent the theft of any fully assembled, working firearm.
      • Should you wish for any specific security advice, please contact the unit by email – Firearms.Licensing@merseyside.police.uk detailing your query. An Enquiry Officer will contact you to discuss.
  • Remain vigilant and report any suspicious activity to police - either online, by phone on 101, or 999 in the case of an emergency
  • Should you wish to advertise any item held on your certificate(s), it would be advisable to use a different contact number to the one originally used to sign up to Gun Trader. This is due to the relative ease in identifying a current seller's address using the contact number as a unique identifier once in possession of the leaked data. Should you have any concerns in relation to any potential buyer, please contact the Firearms Licensing Unit 

 

 

Cyber Security

 

The following advice has been provided by Merseyside Police's Cyber Crime Unit. Although no financial information has been leaked from the Gun Trader website, it is important to change your password on any other user accounts to which you use the same password.

 

Protect Advice 

 

Please find some useful links below which is National Guidance from NCSC on Cyber Protection Tips, advice and guidance, these are great free resources and worthy of your time to read through :  

 

https://www.ncsc.gov.uk/cyberaware                   

   

Another great webpage which you may wish to look at is the below – Have I been Pwned – This allows you to put in your email address and let you see if any of your Emails or Passwords have been compromised in the past, this also allows you to check your passwords and identify if they have been breached.  

 

https://haveibeenpwned.com/

 

If you receive suspicious Emails that you believe are phishing emails I would suggest that you report the email you received to the NCSC suspicious email reporting service (SERS) which you can find the link below.  This will allow us to build up the intelligence picture and prevent this from happening to anyone else:

 

https://www.ncsc.gov.uk/information/report-suspicious-emails   

 

This site has step by step guides on how to enable two multi factor authentication which is a security feature on various sites that you may use to make them more secure. 

 

https://www.turnon2fa.com/tutorials/

 

In the unfortunate event that you do fall victim to Cyber Crime or Fraud, then please report the matter to Action Fraud on 0300 123 2040.  Action Fraud are now available 24/7, 365 days a year.  You are also able to report a crime via the Action Fraud Website www.actionfraud.police.uk

 


Firearms & Explosives Licensing Manager
CSD Firearms & Explosives



 

               

 

So just general advice then, relating to advice already in circulation in 2020. 🤷‍♂️

Link to comment
Share on other sites
Good shot?

Good shot?

Posted
Posted (edited)
7 hours ago, Scully said:

So just general advice then, relating to advice already in circulation in 2020. 🤷‍♂️

The email informs me that my details among many others with fac are included in the data breach and has been put out on the ‘dark’ web.

I expect many other PW members signed up with Guntrader and with Fac may also get the same email.

Edited by Good shot?
Link to comment
Share on other sites
Scully

Scully

Posted
Posted
12 hours ago, Good shot? said:

The email informs me that my details among many others with fac are included in the data breach and has been put out on the ‘dark’ web.

I expect many other PW members signed up with Guntrader and with Fac may also get the same email.

But the ‘suggestions’ regarding security are just standard advice already in circulation a year ago, and therefore not produced as a result of the data breach. 

Link to comment
Share on other sites
Good shot?

Good shot?

Posted
Posted (edited)

All I am stating is, Gun trader members included in the data breach are not all fac holders,my feo having been advised of the breach have identified all those with fac and have repeated their security advice to those people.

if you are a Guntrader member and an fac holder you may well get this similar email from your feo.

 

Edited by Good shot?
Spelling
Link to comment
Share on other sites
  • 3 weeks later...
Rob85

Rob85

Posted
Posted
15 minutes ago, Stimo22 said:

It now seems that a Anti hunting site has published all the data from the Guntrader hack. the site is https://huntingleaks.is/news/. you can download it like it says or it can be downloaded and opened in Excel and the sorted. My details have the town and postcode but not exact house number, but still worrying

What happens if someone starts to stalk your house, breaks in and attempts to steal your firearms. If they are subsequently arrested and it is found they used information on that site to determine where to steal a gun, does that not make the owners of the site or whoever posted the information in some way liable?

In northern ireland terrorist groups have always been active in trying to steal guns from people so this information could be a gold mine for them.

Link to comment
Share on other sites
Newbie to this

Newbie to this

Posted
Posted
1 hour ago, Demonic69 said:

Reported to Action Fraud, not sure if it's in their wheelhouse though.

Also reported abuse to Google, I urge everyone else to do the same

Seems Google have stopped the file being able to be downloaded. :good:

I wanted to see if I was on it, but can't download it. I think I am good, don't think guntrader ever had my address.

Link to comment
Share on other sites
Demonic69

Demonic69

Posted
Posted
1 minute ago, Newbie to this said:

Seems Google have stopped the file being able to be downloaded. :good:

I wanted to see if I was on it, but can't download it. I think I am good, don't think guntrader ever had my address.

I have a copy, PM me if you want me to check it for you pal

Link to comment
Share on other sites
Newbie to this

Newbie to this

Posted
Posted (edited)
3 minutes ago, Demonic69 said:

I have a copy, PM me if you want me to check it for you pal

Thanks but I'm not that worried, I've never sold or bought anything, and can't even remember if I had an account or just browsed.

I doubt I would have given them my actual address anyway.

Edited by Newbie to this
Link to comment
Share on other sites
Demonic69

Demonic69

Posted
Posted
4 minutes ago, Newbie to this said:

Thanks but I'm not that worried, I've never sold of bought anything, and can't even remember if I had an account or just browsed.

I doubt I would have given them my actual address anyway.

If your name's Julian, all they have is your e-mail :) There a plenty of full addresses, mobiles etc on there though too 😞

Link to comment
Share on other sites
Jaymo

Jaymo

Posted
Posted

I have the file but no pc to check ( iPad version of google earth does not support csv extensions)

Not sure what details of mine as far as email and phone number as I changed them after the breach but could not remember what I had originally put in. At least my address is an old one. 

Link to comment
Share on other sites
Demonic69

Demonic69

Posted
Posted
6 minutes ago, David BASC said:

Dear all, if you did download it from this anti hunting sight I suggest you run a full virus / malware scan on your PC / Tablet ASAP as I have heard reports of the file / download link being contaminated

The one I got was from Google Drive and just a CSV, so no real chance of a virus. But it's always worth checking, especially as they'll be looking for other hosting services now that Google have blocked it.

Actually, just checked and they've already moved hosting to swisstransfer

Link to comment
Share on other sites
  • 2 weeks later...
oggiegb

oggiegb

Posted
Posted

Have I been pwned is a legit site and they have incorporated guntrader breach data. You should be able to check there:-

https://haveibeenpwned.com/

It's not generally safe clicking on links but you can Google the above site to verify. It's run by Troy Hunt who's a genuine Microsoft security guy.

The data leaked can contain your home phone, mobile, home address, full name, email address, passwords are encoded though so will be difficult for criminals to decrypt.

Link to comment
Share on other sites
  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...