Posted on August 15, 2020 at 9:47 PM
According to a report by Bleeping Computer, a hacker has infiltrated a popular gun exchange site, stealing users’ email addresses, usernames, and passwords. The cybersecurity firm warns that the hacker has exposed the details of the users on the darknet.
The darknet forum says it wants to give away stolen databases containing about 240,000 records from the Utah Gun Exchange.
In another development, the same hacker has also offered two smaller databases, one from a “Kratom” herb site and another from a hunting site. The hacker is offering this second set of databases for free as well.
The entire database was from Utah-based businesses
According to information released by threat intelligence specialists, all of the advertised databases were from Utah-based businesses hosted on the same Amazon cloud server.
Bleeping Computer’s Lawrence Abrams pointed out that the stolen data differs from site to site, but all of the databases contain hashed passwords, login names, and email addresses. Abrams also said that although he had not verified the authenticity of all the stolen data, the majority of the email addresses are from registered users of the affected site.
The breach was possible due to a vulnerable AWS service
It is believed that the infiltration could have occurred before July 16, the last date stamp on the database records. Security experts have also said the vulnerability could be a misconfiguration of the cloud server “buckets”.
According to Chris Hauk, a consumer privacy advocate at Pixel Pharmacy, the breach seems to be a case of a compromised database that was stored on Amazon’s AWS service and not correctly safeguarded.
“This appears to be another case of databases stored on Amazon’s AWS service that was not properly secured,” he said.
Tim Mackey, security strategist at the Synopsys Cybersecurity Research Center, gave his opinion on the security of data in cloud storage.
He said cloud storage solutions are one of the most cost-effective and convenient data storage methods, but a misconfiguration of the cloud service could leave the components exposed to attack.
In this context, security means a review of the security requirements for the stored data. He also opined that firms need to respect regulations like the Privacy Act 2020 to maintain a certain standard of security.
He also revealed he has contacted the Utah Gun Exchange about the development and will provide a further update when anything comes up.
Preventing spear-phishing attacks
Hauk has advised Utah Gun Exchange users on the security measures they should take to prevent phishing attacks targeted at them. He stated that users of the Utah Gun Exchange or the other firms mentioned in the report should work on the assumption that their accounts have been compromised.
As a result, affected users should change their login details on the portal and pick a unique password that will be difficult to crack.
“Affected users should change their passwords to a secure and unique password,” he said. They should also ensure they don’t use a single password to access multiple registered websites. Users should have a distinct password for each account they have online to prevent the hackers from compromising their accounts through other sites, Hauk reiterated.
Users should be mindful of spear-phishing emails
Hauk also advised users to be wary of email phishing attempts that target their demographic.
He pointed out that the likelihood of the hackers using the stolen details for spear phishing is high, noting that any knowledgeable cyber-criminal will take advantage of the initial attack. In the future, they could send the victims emails asking them to click links for mouthwatering offers or discounts. In this case, the emails could be gun-related, with bogus offers aimed specifically at users of the popular gun exchange site.