“My family could be in danger”: details of over 100,000 Guntrader users exposed

Photo of two rifles by Photo by Specna Arms on Unsplash

A database including thousands of names and addresses has been stolen from Guntrader, the UK’s largest online marketplace for guns, and published on the dark web.

The database includes customer details not just from users of the Guntrader site, but also of customers at gun shops who use Guntrader’s CRM service, which is advertised as “the most safe and secure gun register system on today’s market”. Industry news site Shooting UK says it has “been able to establish that some of the data stolen came from gun shop customers who were unaware that Guntrader was storing their information”.

Details exposed in the breach include first and last names, phone and fax numbers, postal addresses, IP addresses, latitude and longitude data, hashed passwords and the police force which had issued certificates for Registered Firearms Dealers (RFDs).

Payment logs were also exposed, though no credit card numbers were included.

While the data itself is not particularly more sensitive than that exposed in the average breach, the fact that it pertains to gun ownership, highly controlled in the UK, has caused alarm within the community.

Speaking anonymously to the BBC, one affected gun owner said that the breach “seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger”.

Guntrader has reportedly emphasised that no details pertaining to gun ownership were exposed; however as many users pointed out, inclusion in the database as either a Guntrader user or a customer of a Guntrader client is a very strong indicator of gun ownership.

“This directly impacts my safety and the safety of those I live with, and I feel that this may be used either by criminals or by those wishing to harm shooting sports in the UK,” another user told Fieldsports News.

In relation to the latter point, one forum commenter also noted that they were “concerned around people who oppose field sports having potential access to my name, address, and telephone numbers”.

Apart from the email sent to impacted users, there is (at the time of writing) no public notice of the incident on Guntrader’s website.

“The National Crime Agency is aware of the issue and BASC is working with them to ensure we can update members as quickly as possible as the situation develops,” said the British Association for Shooting and Conservation’s head of firearms, Martin Parker.

“Our advice to members would be to check home security and be extra vigilant.  Make sure all firearms are appropriately locked away and make sure buildings are kept secure.  Follow normal good crime security advice and report anything suspicious to the police.”

Preview photo by Specna Arms on Unsplash

Researcher, writer, recovering medievalist. Currently particularly interested in the cybersecurity solutions market, cyber insurance/risk modelling, and IoT security.

Related posts

Your thoughts