Given the extraordinarily restrictive laws surrounding firearms in place in the United Kingdom, I’m surprised that a website like Guntrader.uk even exists. Not only is the site legit, it’s apparently pretty popular. So popular, in fact, that the site was recently hacked, and those responsible have now put the names and addresses of thousands of customers online.
The BBC reports that the customer information obtained during the breach is available on the dark web, and that has gun owners concerned that they could soon be the targets of thieves looking for an easy score.
One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.
Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.
The individual, who did not wish to be named, told the BBC the breach “seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger”.
Guntrader.uk said around 100,000 customer records were stolen but “no information relating to gun ownership or the location of firearms was taken”.
Even if the actual sales records weren’t released on the dark web, it’s reasonable to think that a customer list (including addresses) for a website like Guntrader.uk will include a lot of gun owners. No, the location of those firearms may not have been taken, but the vast majority of gun owners keep their firearms at home, so if criminals have a home address, they’ve got a pretty good lead on where they can steal a gun or two.
Interestingly, according to those in charge of the website, this was a pure hack, and not an attempt to install ransomware or demand money in exchange for keeping the customer records offline.
Guntrader’s Simon Baseley told the BBC it had advised users to be vigilant, and was working closely with relevant agencies to mitigate the impact.
He said it was the first time in 20 years an attempt to bypass the firm’s security had succeeded.
“All the indications currently are that the breach was neither political nor commercial as there has been no attempt to extort money from either guntrader.uk or its users, or make other capital from the theft,” he added.
It’s also odd that the hackers have released names and addresses of customers, but don’t appear to have released any credit card information. I’m not sure why Baseley says that it appears the indication is that the hack wasn’t political, because to my mind the release of thousands of customer names and addresses without the corresponding release of customer credit card information makes it more likely that there’s some politics or at least a political ideology serving as a motivating factor.
A number of law enforcement agencies are investigating the breach, so hopefully we’ll eventually learn more about the individuals behind the hack as well as their motivations. In the meantime, British gun owners are likely to be sleeping lightly, knowing that if they are targeted by crooks who found their address online, they’re still not likely to be able to lawfully protect themselves and their families with a firearm.