Gun exchange site confirms data breach after database posted online

Gun exchange site confirms data breach after database posted online

08/19 update added below. This post was originally published on August, 13th, 2020. A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime …

Hacker keyboard

08/19 update added below. This post was originally published on August, 13th, 2020.

A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum.

On August 10th, a threat actor posted databases that they claim contain 195,000 user records for the utahgunexchange.com, 45,000 records for their video site, 15,000 records from the hunting site muleyfreak.com, and 24,000 user records from the Kratom site deepjunglekratom.com.

Databases posted to a cybercrime forum
Databases posted to a cybercrime forum

All of these sites are based out of Utah, USA and samples of the databases shared by cybersecurity intelligence firm Cyble show that each database was hosted on the same Amazon AWS server 

The latest date on user records in each database is July 16th, which indicates that is when the data was stolen.

Samples of one of the database
Samples of one of the database

The exposed data is different on each site, but consists of email addresses, login names, and hashed passwords. 

We were able to confirm that many of the email addresses listed in the databases belong to registered users of the sites.

While this does not provide 100% verification of posted data, it does lead us to believe that there was a breach of some kind.

Update 8/19/20: After alerting the Utah Gun Exchange to their exposed data, today, they contacted BleepingComputer with a link to a data breach notification posted on their site.

This notification confirms our report that a threat actor stole their database and that it consisted of user’s email addresses, login names, and hashed passwords. 

UGE stressed that no financial information, including PayPal and credit card information, was exposed during this attack.

Utah Gun Exchange’s notification also implies that this attack was politically motivated.

“Utah Gun Exchange and UGETube remain dedicated to our mission of defending the First and Second Amendments and providing our users with a means to exercise their First and Second Amendment rights.  As we know, there are many who have attacked, or will attack, Utah Gun Exchange and UGETube in an effort to stop us from accomplishing our mission to help protect your constitutional rights.  We have recently learned of one such attack that affects you as our users,” Utah Gun Exchange stated in their data breach notification.

In our experience covering data breaches, it is more likely that the threat actor stumbled on their unsecured site and breached it without regard to the site’s content.

Utah Gun Exchange is asking all users to reset their passwords on utahgunexchange.com, and if they use the same passwords at other sites, to change them there as well.

As the databases for muleyfreak.com and deepjunglekratom.com are also hosted on the same AWS server, it is strongly advised that you reset your passwords on these sites as well.

What should affected user do?

As we said, it not confirmed that all of the exposed data is legitimate, but have confirmed that many of the emails listed in the databases are in use at the listed sites.

Therefore, it is better to be safe than sorry and act under the assumption that your account credentials have been exposed.

To be safe, if you are a user of one of these sites, it is strongly advised that you change your password immediately.

If you use the same password at another site, you should also change the password to a unique and strong one that you only use for that site.

Using unique passwords prevents a data breach at one site from affecting you at other websites you use.

To assist you in keeping tracking of unique and strong passwords, it is suggested that you use a password manager application.

Furthermore, as each site has a narrow scope of interest, it is important that all affected users be on the lookout for targeted phishing attacks abusing this data.

To check if your information has been exposed, you can search for your email using the Am I Breached data breach monitoring service.

KratomGuide
ADMINISTRATOR
PROFILE

Posts Carousel