Cyber Incident Victim: Airsoft GI

Date:

Jan 2017

Location:

United States of America

Summary

A gun retailer's online forum was compromised, resulting in the exposure of approximately 65,000 user accounts containing usernames, email addresses, IP addresses, and bcrypt-hashed passwords. The breach stemmed from weaknesses in the inactive phpBB-based platform, including an expired SSL certificate and susceptibility to SQL injection attacks. The stolen data, publicly distributed via Dropbox, posed significant privacy risks; the impacted users included holders of Gmail, Yahoo, Outlook, and Hotmail accounts. The forum had shown no activity for an extended period prior to the incident, reflecting inadequate security maintenance. The attacker, affiliated with an underground hacking group, claimed responsibility for the intrusion.

CIA Posture: Available to members
Motives: 5 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

In early January 2017, an unidentified hacker breached the official web forum of firearm retailer Airsoft GI, operating under the domain airsoftgiforum.com. The attacker, affiliated with an underground hacking platform, publicly disclosed the stolen data via Dropbox in February 2017. Security firm Hacked-DB identified the leaked dataset, initially cataloging 70,000 user accounts before deduplication revealed 65,215 unique compromised profiles. The exfiltrated records contained user IDs, usernames, email addresses, IP addresses, and passwords hashed with bcrypt, the Blowfish-based password hashing function. Email provider analysis showed 40,521 Gmail accounts, 3,261 Yahoo accounts, 2,760 Outlook accounts, and 2,760 Hotmail accounts among the victims, with 17,364 unique IP addresses exposed. Technical analysis indicated the phpBB-based forum had critical vulnerabilities, including susceptibility to SQL injection attacks and an expired SSL certificate that triggered browser security warnings for Chrome users attempting to access the platform.

The compromised forum had been inactive since its last recorded user activity on April 28, 2015, nearly two years prior to the breach. Airsoft GI maintained separate domains for its primary commercial website (airsoftgi.com) and the compromised forum, with corporate offices operating in California, Texas, and Virginia. No security updates or administrative maintenance had been applied to the forum prior to the intrusion. The hacker made the complete dataset publicly downloadable, exposing affected users to credential-stuffing attacks and privacy violations despite password hashing. Airsoft GI administrators did not publicly acknowledge the breach or provide remediation guidance to users at the time of reporting, though journalists had solicited official comment via email. The data exposure remained active with no documented containment actions, leaving user credentials and personal information accessible through the attacker's distribution channels.
