Earlier this month, datasets containing over 240,000 records of the Utah Gun Exchange website were posted openly on a popular hacking forum. In total, 195,000 user records for the utahgunexchange.com and 45,000 records for their video, site UGETube, were exposed. Researchers analyzing the data also spotted two additional stolen databases belonging to a Utah-based hunting site (muleyfreak.com) and herbs site (deepjunglekratom.com), both linked to the Amazon cloud server that housed the data for the popular gun exchange site. Although the exposed data may vary depending on the website, email addresses, login names and hashed passwords are present in each data leak. Utah Gun Exchange did not immediately react to the news, but earlier this week, it published a data breach statement informing customers about the incident.
“We have recently learned of an attack that affects you as our users,” the notification reads. “Specifically, we learned that Utah Gun Exchange and UGETube were the target of an attack that resulted in the exposure of some of your information.” The letter underlines that most of the stolen information is publicly available when posting a listing on their website, and that no financial information was part of the exposed data.
“All transaction information is handled directly through PayPal using their secure and internal systems,” the company said. “UGE Tube and Utah Gun Exchange do not see or handle any financial information including credit/debit card numbers that are entered in during the purchase process. Therefore transactional information such as credit/debit card or other such financial data was not part of the data compromised.” [full article]