Cyber Incident Victim: Utah Gun Exchange

Date: Aug 2020

Location: United States of America

Summary

A data breach at Utah Gun Exchange exposed approximately 240,000 user records, including 195,000 from its primary platform and 45,000 from its video service UGETube, after attackers published stolen datasets on a hacking forum. The compromised information contained email addresses, usernames, and hashed passwords, with additional linked databases from affiliated sites also leaked. The organization confirmed unauthorized access to customer data but emphasized that no financial information was compromised, as transactions were processed externally through PayPal. While noting that much of the exposed data was already publicly visible through user listings, the company acknowledged the risks associated with credential exposure and implemented measures to address the vulnerability. Users were advised to change passwords and remain vigilant against potential phishing attempts stemming from the incident.

Description

In early August 2020, datasets containing over 240,000 user records from Utah Gun Exchange's platforms were publicly posted on a popular hacking forum. The breach exposed 195,000 records from utahgunexchange.com and 45,000 records from its video platform UGETube. Security researchers analyzing the leaked data discovered two additional compromised databases belonging to Utah-based hunting site muleyfreak.com and herbal products site deepjunglekratom.com, both hosted on the same Amazon cloud server infrastructure as the gun exchange platforms. The exposed information across all affected sites included email addresses, login names, and hashed passwords, though the specific data fields varied between platforms. Utah Gun Exchange initially did not respond to reports of the breach but later confirmed the incident through an official notification to customers. The company stated attackers had targeted both Utah Gun Exchange and UGETube, resulting in unauthorized access to user information.

Utah Gun Exchange's breach notification emphasized that most compromised data consisted of information typically made public when users posted listings on their marketplace. The company clarified that no financial information was exposed, as all transactions were processed directly through PayPal's secure systems without Utah Gun Exchange handling credit/debit card details. Despite this assurance, the exposure of hashed passwords created significant risks for credential-stuffing attacks against accounts sharing reused login credentials. The company acknowledged the vulnerability that enabled the breach and reported taking steps to remove malicious code while identifying the security weakness involved. They advised users to change passwords across all accounts sharing credentials with Utah Gun Exchange platforms and remain vigilant against potential phishing attempts leveraging the stolen data. The organization committed to strengthening its security measures to prevent future incidents but did not disclose technical specifics about the attack vector or remediation actions taken.
