HomesecurityPopular weapons exchange site violated

Popular weapons exchange site violated

A report by Bleeping Computer states that users of a
popular gun exchange site may have fallen victim to theft
email addresses, usernames and passwords.

An August 10 post on a cybercrime forum
states that free stolen databases are provided, containing total
240.000 files from the Utah Gun Exchange. The same hacker offers for free
two other other smaller stolen databases, one from a hunting
site and another from a herbal site "kratom".

What connects all of the above, according to information provided at
publication by experts of threat information, is that all
The advertised databases came from Utah-based companies
hosted on the same Amazon cloud server.

Lawrence Abrams stated that the actual data from each site is
different, but “consists of email addresses, login names and
passwords." Abrams also confirmed that while it was not possible
the validation of all exposed data in these databases,
many of the addresses email belonged to registered
site users.

It is believed, since July 16 is the last seal
date in any of the database entries, that then will
there could have been a breach. If so, then the wrong one
configuring the “bins” of the cloud server could be the key

Chris Hauk of Pixel Privacy agrees that “at first glance,
This seems to be another case of databases that are
stored on Amazon's AWS service that was incorrect
insured. ”

"Cloud storage solutions are convenient and cost effective,
but we must not forget that the right configuration any cloud service
means configuring components, such as S3 bins, safely ”,
said Tim Mackey, chief security strategist at the Cyopsecurity Research Center
of Synopsys (CyRC). "It simply came to our notice then
security requirements for stored data, "Mackey added
and “also ensures that regulations such as the Law on
privacy 2020. ”

Reduce the risk of targeted spear-phishing attacks

In the meantime, it makes sense to assume that if you are a Utah user
Gun Exchange or one of the other sites mentioned in the original
report, your account credentials may have been compromised.

"Affected users must change their passwords
them in a safe and unique password, while ensuring that
"They do not use the same password on other sites," he said
Hauk, “should also watch out for electronic attempts
targeting them. ”

This last point, about the potential of "spear-phishing",
it is worth noting. Any cyber criminal will
adjust an initial attack to have validity. In this
In this case, it may mean messages email where you
ask you to click on a link to reset your password
you in the relevant site or something that will have as its subject something that will you
interests - in this case issues related to arms exchanges.



Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.