Guntrader Information Leak

Lads. We encrypt user data by default.

This was by design since we both actively work in the networking security industry and banking database industry.

How guntrader let this slip is beyond me. But here we are.

If anyone wants a far cheaper (and apparently) far more secure(!) Listing website.

[website deleted]

All I'm gonna say on this.

Disaster of epic proportions.
 
People wanting to sue the business that is the most useful to us to find & sell guns? Because some of your data is stolen? This sort of bull**** behaviour is why the shooting community in the UK is so easily ****ed over by the haters: We *aren't* a community, but a bunch of petty assholes.

Oh, and I doubt Guntrader has the money or the insurance to give you £20k each. Not that you'd win a suit.


I have paid a business for a service. They are making money. It’s not like they are doing it out of the goodness of their hearts on behalf of the “community”.

If the security in place was not adequate it needs to be addressed. £20k is clearly over the top. I’ll settle for the fees paid and alternative security arrangements after being exposed to greater risk.

I have now been exposed to risk clearly identified by @hendrix’s rifle.

I expect more from a cyber based company who should be well equipped to store sensitive data accordingly and that services obtained wouldn’t match the billing data.

Just hold fast from calling folk assholes. It was only a few months ago warnings were being sent out from the police that criminals were posing as legitimate buyers to arrange purchases on guntrader and then committing offences.

This skips the phone calls, they can just watch you leave your house with odds on there are firearms within for easy pickings.

I couldn’t care less if it was just billing information that had been stolen. The implications are far greater than the usual financial loss of a data breach.
 
I must have sold stuff to 20/30 folk on this website. They’ve all sent me their phone numbers and addresses so that I can post stuff.
 
Poor form to jump on a competitor's misfortune to promote your own business. I’ll never now visit your website.
 
The only rifle I've bought online was through this website. Phew! Just had a squint on the Guntrader site. No obvious information there to inform users.
 
Check here https://haveibeenpwned.com/ to see how many times your data has been scraped or hacked...

No results for my mobile. 9 for my email address, including LinkedIn in 2016, and some sites I've never heard of!
This is a good practice, check if you are involved in a breach and change associated information if needed, e.g. passwords etc.

Although I'm not involved in the breach it's still a monumental cock up. Data like this should be kept securely, especially if your main business is online trading.

The data may have been captured by a spotty teenager, but that doesn't matter as that teenager has put the data out in the open for anyone to grab.

Yes, not everyone on this list might have firearms, but it makes looking for them that much easier; a phishing campaign to those emails could then compromise it further by refreshing the data and finding current firearm owners.

Pretty worrying, but I'm sure the ICO will go to town on them given the sensitivity of the information.
 
I asked GT to close my account yesterday, which they did very quickly. Passwords subsequently changed for Amazon, PayPal and email accounts. I don't think there's much more that can be done.
 
If you login to GT, under the 'Accounts' section, there's a button to close the button, if one wishes so. Seems to have been added yesterday/today.
 
Can't log in any more. I changed my name, address, email and phone numbers yesterday to fictitious data. This morning the site is making everyone change their password. You can't log in using your previous one and have to click "forgotten your password" to get a verification email. Obviously mine has now been sent to a non-existent (maybe..) address so I'm permanently locked out. I asked them by email yesterday to delete my account but they won't because my email addresses no longer match and they've stopped replying to me. At least all my data on the site now is garbage.
 
Worryingly this acknowledges passwords were also exposed, that’s not what previous information from GT suggested….
It's just a preventative method. The passwords were thankfully encrypted and only the hash was available. Depends on the algorithm they have used, it might be possible to reverse engineer the password, so easier to get everyone to change it. It's worth noting that other accounts such as bank, Amazon, utility accounts etc. using the same email address and password might be at risk, so worth looking into. It's bad practice using the same password for many accounts, but unfortunately we are human and there's only so much one can remember.
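
An added illustration of the "depends on the algorithm" point above (not part of the original post and not Guntrader's code; the thread does not say which scheme the site used). It stores the same constructed passwords two ways, with an unsalted fast hash and with a per-user salt plus a slow KDF, and shows what a leaked table reveals in each case; the function names, sample accounts and iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def weak_digest(password):
    """Unsalted single-pass SHA-1: equal passwords give equal stored values."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def strong_record(password, salt=b""):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = strong_record(password, salt)
    return hmac.compare_digest(key, stored_key)


def accounts_sharing_a_value(table):
    """Users whose stored values are identical, i.e. visibly share a password."""
    groups = defaultdict(list)
    for user, value in table.items():
        groups[value].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; not data from the breach.
SAMPLE = {"alice": "Pheasant2021", "bob": "Pheasant2021",
          "carol": "x9!Lq-mallard-77"}

weak_table = {user: weak_digest(pw) for user, pw in SAMPLE.items()}
strong_table = {user: strong_record(pw) for user, pw in SAMPLE.items()}
strong_keys = {user: key.hex() for user, (_, key) in strong_table.items()}

if __name__ == "__main__":
    print("shared under unsalted SHA-1:", accounts_sharing_a_value(weak_table))
    print("shared under salted PBKDF2: ", accounts_sharing_a_value(strong_keys))
    salt, key = strong_table["alice"]
    print("alice still verifies:", verify("Pheasant2021", salt, key))
```

With the unsalted scheme, one recovered password exposes every account that shares it; with a per-user salt and a slow KDF each stored value has to be worked on separately, which is why the forced reset matters most when the scheme is unknown.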
 
I often visit but have never bought so I wonder why they sent me an e-mail warning of the breach?
 
Because at some point between 2016 and present, you registered on the website and your email was in the list of accounts that were part of the breach. Better to reset the password, visit the accounts section to see what information is there and (a) edit it or (b) delete the account if you no longer require it.
 