Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Guntrader, known as the home of guns for sale, is a website that helps users to buy and sell new and used shotguns, rifles, air rifles, air pistols, and shooting equipment.
Guntrader also has its own electronic gun register software that is used by UK shooting businesses.
What Happened?
Recently over 111,000 British firearms owners’ names and home addresses belonging to Guntrader’s customers were leaked online.
A Google Earth compatible CSV file that pinpoints domestic homes as possible firearm storage locations was leaked online.
The database stolen from Guntrader was advertised as being importable into Google Earth, in this way allowing random people to “contact as many [owners] as you can in your area and ask them if they are involved in shooting animals.”
What Data Got Stolen?
In the Google Drive-hosted CSV file are included names, home addresses, postcodes, phone numbers, email addresses, and IP addresses, along with the precise geographic coordinates for 111,295 people listed in the breach.
It’s possible for the file to be linked to an activist’s blog, hosted in Iceland. This breach presents a severe risk to anyone who moved house to one of the addresses mentioned in the leak of the stolen database, as it contains data that is up to five years old.
Unfortunately, firearms could become the target of new robberies and burglaries, as criminals might try to steal them.
The breach can be considered severe as it takes away that obscurity of about 20 percent of the registered gun owners across the country.
According to The Register, Guntrader has not explained so far why it was collecting location coordinates down to six decimal places.
The Information Commissioner’s Office declared that:
We are aware of a potential change in the Guntrader Ltd incident and we will be making inquiries.
A statement came also from the British Association for Shooting and Conservation:
BASC is concerned about this latest development. We have flagged those concerns to the National Crime Agency. In the meantime, we advise the shooting community to maintain vigilance around security and report any concerns to the police.
Fortunately, it seems that at this time Google has removed the CSV file from Google Drive that was linked to the activist’s blog.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
link for gunny_gun_gun_csv plz