From a post on a data breach forum it looks like Guntrader.uk has been breached.
The data that has been pulled out are names, email address, physical address, IP address, phone numbers. Passwords were hashed but not sure if that’s enough to protect them.
If you use guntrader.uk you should change your password and the password on any other site that uses the same one. If the hash is unscrambled then your email and password can be used on other sites.
Thanks for the heads up - it's worth changing a password every now and again just in case anyway
Making a mockery of growing old gracefully since I retired
nah.. I'm being pedantic.. they can be brute forced and one can derive a password that matches the hash, that will then give them a route into guntrader.
BUT it will not necessarily give them the actual real password, as multiple passwords will map to the same hash (by design). Thus a password "apple" may map to hash 12345 and that can be used to access guntrader, as it generates the same hash.
However the actual user's password was really "orange", which also mapped to hash 12345 (on guntrader).
So if you try and use that user's brute forced "apple" password against other sites he uses, it will not work, as the real password "orange" when run through the hashing on those other websites, actually hashes to 78791011 (different hash).
None of which really matters to most people, I know! You are quite right on very simple passwords, as you reduce the chances of the above applying if there are so few variables
Always looking for any cheap, interesting, knackered "project" guns. Thanks, JB.
Yes and no - it depends if they used a SALT on the hash. Still nothing is impossible to crack - just harder. It is bad practice to use the same password across websites anyhow.
The biggest issue here is that someone has a huge list of names and addresses of firearm owners - all available to the highest bidder.
This highlights one of the issues of the web.
A while ago when everyone was getting upset with FB and WhatsApp they rushed to an app called Parler in the effort to 'have free speech'. Unfortunately what came with that was a really leaky app which allowed the people's GPS data to be downloaded, meaning wherever they'd taken their phone was available to public view. /feign shock There was a considerable amount of users who all have traces going into the Capitol building. /feign shock off It seemed to be a predictable Venn diagram.
I've also been asked for ID (passport and license) on Egun.de, who then said they'd then check with their authorities as to the authenticity. When I asked them who that was, how the data would be stored, transmitted and how I could control it, how it complied with GDPR, they deleted my account. That shows the flippancy of some sites towards security. Like I was going to scan my passport and license to a different country across the open internet and that would be fine. If it wasn't a set up for a scam then it's ripe for a rip. Their privacy policy has since been updated but it's really woolly still.
Founder & ex secretary of Rivington Riflemen.
www.rivington-riflemen.uk
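The salt point raised earlier in the thread, as an added example that is not part of any post and not Guntrader's code: it stores the same constructed accounts once as bare SHA-256 digests and once as per-user salted PBKDF2 records, then checks which stored values are identical. The hashing schemes, iteration count, function names and sample accounts are assumptions; the thread does not say how the site hashed passwords.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this example


def store_unsalted(password):
    """Weak scheme: a bare SHA-256 digest, identical wherever the password is reused."""
    return hashlib.sha256(password.encode()).digest()


def store_salted(password, salt=None):
    """Record = random 16-byte salt followed by the PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16) if salt is None else salt
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_salted(password, record):
    """Recompute with the salt held in the record and compare in constant time."""
    return hmac.compare_digest(store_salted(password, record[:16]), record)


def accounts_sharing_a_record(table):
    """Groups of accounts whose stored value is byte-for-byte identical."""
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts; two of them chose the same password.
SAMPLE = {"alice": "orange-7-Tractor", "bob": "orange-7-Tractor", "carol": "heron.Marsh.42"}


def build_tables():
    """Store the sample accounts under both schemes."""
    unsalted = {user: store_unsalted(pw) for user, pw in SAMPLE.items()}
    salted = {user: store_salted(pw) for user, pw in SAMPLE.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, identical records:", accounts_sharing_a_record(unsalted))
    print("salted, identical records:  ", accounts_sharing_a_record(salted))
    print("login still verifies:", verify_salted(SAMPLE["alice"], salted["alice"]))
```

With a per-user salt, identical passwords no longer produce identical stored values, so one recovered password does not expose every account that shares it. A salt does not make a weak password strong, which is why changing reused passwords still matters.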
There is always someone who will crack things like passwords.
Had an email from guntrader this afternoon, it says personal data has been accessed but NOT passwords or bank details.
Shame the time was 16:34 an hour after BASC sent me a warning email & more than 7 hours after this thread was started
Rob.
Saw this earlier
https://www.fieldsportschannel.tv/hi...hat-to-do/amp/
Last edited by bighit; 21-07-2021 at 09:25 PM.