Guntrader UK Data Breach
On 21st July 2021, ‘Guntrader UK Ltd’ were subject to unauthorised access of their systems, which resulted in the leak of a database associated with customers globally onto the dark web and, more recently, onto another website accessible on the internet.
Guntrader notified their affected customers on 21st July, informing them of the breach. They have since worked with law enforcement, and the South-West Regional Organised Crime Unit (SWROCU) is now progressing an investigation into the data breach and subsequent publication of the data.
The database may contain personally identifiable information such as names, mobile phone numbers, email addresses, addresses, geo-location data, IP addresses and an encrypted form of the password used to access the site. Exact information in each record varies.
This web page aims to provide safety advice and guidance to individuals and organisations who have been contacted by Police in the South-East region and identified as potentially being involved in the data breach. This advice is equally applicable to all firearms licence holders.
Any enquiries regarding the original data breach of Guntrader UK should be directed to the South-West Regional Organised Crime Unit.
Emergency incidents
Should there be any event whereby lives or safety are at risk, please contact the Police by calling 999.
If you believe the incident relates to this data breach, please quote the following:
If reporting to Hampshire Constabulary, reference number: 44210352236 or ‘Operation Slab’.
If reporting to Surrey Police or Sussex Police, reference number: 45210096818 or ‘Operation Oasis’.
If reporting to Thames Valley Police, please state that this may relate to the ‘Guntrader data breach’.
Non-emergency Incidents
Should there be any incident which is not an emergency, or if you witness suspicious activity, please contact the Police through the 101 non-emergency number or report online.
https://www.hampshire.police.uk/
https://www.thamesvalley.police.uk/
If you believe the incident relates to this data breach, please quote the following:
If reporting to Hampshire Constabulary, reference number: 44210352236 or ‘Operation Slab’.
If reporting to Surrey Police or Sussex Police, reference number: 45210096818 or ‘Operation Oasis’.
If reporting to Thames Valley Police, please state that this may relate to the ‘Guntrader data breach’.
Non-emergency Cyber Incidents
Should there be a cybercrime linked to your online account(s) and/or associated fraud suspected to have resulted from the data breach, please report this to Action Fraud by calling 0300 123 2040. Action Fraud are the national fraud and cybercrime reporting centre for England & Wales.
Alternatively report online – https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime
If you believe the incident relates to this data breach, please quote the following:
If reporting to Hampshire Constabulary, reference number: 44210352236 or ‘Operation Slab’.
If reporting to Surrey Police or Sussex Police, reference number: 45210096818 or ‘Operation Oasis’.
If reporting to Thames Valley Police, please state that this may relate to the ‘Guntrader data breach’.
Physical Security Advice
If you are a firearms or shotgun certificate holder, please reacquaint yourself with the advice and guidance set out in the Government’s Firearms Security Handbook, and continue to ensure the security of your guns and ammunition: https://www.gov.uk/government/publications/firearms-security-handbook
If you are a certificate holder, have any concerns around current security arrangements and would like to relocate items to a different location, please contact your local Firearms Licensing Department:
Hampshire Constabulary
Surrey Police
Sussex Police
Thames Valley Police
Cyber Security Advice
It may be tempting to search for and download a copy of the database for reassurance, whether to establish if your own details, or those of a family member or another person, are included on the list.
You are strongly advised against doing this. Aside from the issue of owning copies of stolen data, there are reports of malicious copies of this list circulating on the internet and dark web. These are malicious files (e.g. viruses) that can cause additional damage to your computer / network, online accounts and personal data.
Check Involvement
If you or someone you know is unsure whether they were included in the data breach, a simple check can be done by inputting the relevant email address on the ‘Have I Been Pwned’ website. The results will establish whether the email address was present as part of the database (and/or other previous data leaks) and what entity details were associated with the leaked data.
This service is run by Troy Hunt, who works in cybersecurity, and it is trusted by Governments and Law Enforcement around the world. Law enforcement within the UK routinely use this free service as part of their cybercrime investigations, and it is safe to use.
The public can also sign up with the site to receive notifications of any future data breaches at companies that have stored your personal information: https://haveibeenpwned.com
Protecting against risks
Passwords

Passwords remain one of the greatest threats when it comes to cybercrime. Criminals commonly take advantage of passwords that are too short, and of the same password being re-used across multiple online services.
Reassurance is often given that passwords were ‘encrypted’, but this should still be regarded as a risk, as encryption is not a perfect defence.
After data breaches like this, criminals try to establish the passwords, and then try to access accounts with the email address and deciphered password across multiple other online services.
Examples include email platforms (e.g. Hotmail, Yahoo, Gmail, AOL), banking, retail (e.g. Amazon, eBay, Netflix) and social media (e.g. Facebook, Instagram, Snapchat, Twitter). Criminals try these in the hope that the same email address and password combination will work because of password re-use.
As such, it is essential that users involved:
- Change the password on Guntrader – even if the intention is to never use the platform again – this ensures the account is secured.
- On any other online services or websites where the same password is used, change it to a new strong and unique password.
- Use (or start using) a Password Manager to ensure that every online service used has a strong and unique password, to minimise risks.
- Implement Two-Factor Authentication (2FA) on all online accounts where available (see below).
For more advice on how to implement stronger passwords, see the Passwords section on the South-East Regional Organised Crime Unit (SEROCU) website: https://serocu.police.uk/passwords
Two-Factor Authentication

Current best practice and cyber security advice given globally to protect online accounts is to enable Two-Factor Authentication (2FA) for all accounts that support it.
Most people will now be familiar with 2FA as a result of online banking. When you try to log in on a new device, or set up a new payee, you are additionally required to type a short code that is sent by text message or through an app.
2FA protects against losing control of online accounts. Even if criminals get hold of a username / email address and your password, they don’t have the code to access the account from their ‘new device’ without your mobile number or authenticator application.
It is an essential extra layer of security that can prevent a significant amount of personal cybercrime seen nationally.
One of the most critical accounts you have is your main, personal email address. This is where password reset requests for your other online accounts will come. If a criminal gains access to your email account, they can systematically request password resets for all of the accounts they find. 2FA will protect your email account. Once this account is protected, ensure that your banking, retail and social media accounts are similarly protected.
If an account doesn’t support 2FA, seriously consider changing to a provider who does.
For more information on 2FA, please read the guidance on the SEROCU website: https://serocu.police.uk/2fa
Phishing

Individuals and organisations whose details have been included in data breaches are often at greater risk of being targeted with phishing. This is the sending of unsolicited messages by email or text message, or even the making of telephone calls, that try to trick you into doing something you shouldn’t – such as clicking on a link, opening a malicious document, filling in personal information on an online form or giving this information over the phone.
While most people are aware of mass phishing, which may be quite obvious, targeted phishing is sophisticated and involves a significant amount of psychological trickery.
Vigilance and cynicism are the best weapons against phishing. The common tactics used by criminals rely upon:
- Authority – persuading you they are somebody such as the Police
- Pressure – pushing you to do something in a hurry, so you don’t have time to think
- Familiarity – telling you that you know the same person, or that you should know about the thing they are talking about – such as this data breach
- Curiosity – relying on you being intrigued as to what they are talking about
- Reward – pretending to give you something for free, or that they can help you resolve a problem
- Knowledge – giving you a snippet of information they know from a data breach, such as your password, such that you think they have compromised your computer
Occasionally criminals impersonate the Police after an incident like this. There is no problem with being cynical and ensuring that the identity of a person stating that they are Police is verified before providing any information. If in doubt, contact the Police on the non-emergency number – 101.
You can help protect others by reporting phishing:
Forward emails to report@phishing.gov.uk
Forward text messages to 7726 (it spells SPAM on a keypad)
While updates are not provided about every report, the National Cyber Security Centre and other partners will act to take down websites and services associated with scams and phishing as soon as they can.
For more on phishing, visit: https://serocu.police.uk/phishing
Privacy
People are also known to share (leak) varying amounts of their personal information online, which can also assist cyber criminals. Social media companies encourage people to add as much information about themselves as possible. Unfortunately, criminals will use this information to target you by personalising phishing as well as guessing things like password reset answers.
Most social media services allow you, in the settings pages, to adjust what is openly shared with anyone who is not one of your connections / friends. Have a look at the SEROCU guidance to find out how to lock down your accounts and reduce what is publicly available about you: https://serocu.police.uk/privacy-online
For More Information
For more information about staying secure online, we have comprehensive guidance on personal cyber security on the SEROCU website: https://serocu.police.uk/individuals
The National Cyber Security Centre also have information on their Cyber Aware pages: https://www.ncsc.gov.uk/cyberaware/home