A hacker claims to have hacked the official web forum of gun retailer Airsoft GI and uploaded its data to Dropbox earlier today. The hacker, who wants to remain anonymous, is part of an underground hacker platform and maintains that the forum was hacked in January 2017.
The data was first discovered by data mining company Hacked-DB, which initially put the total number of stolen user accounts at 70,000. After an in-depth scan, it turned out that 5,000 accounts were duplicates and the exact number of stolen accounts is 65,215.
The data includes personal details of registered users such as user ID, username, email address, IP address and password hashed with bcrypt (Blowfish). Among the data, there are 40,521 Gmail accounts, 3,261 Yahoo accounts, 2,760 Outlook and 2,760 Hotmail accounts. The total number of unique IPs is 17,364.
It must be noted that the official website of Airsoft GI is airsoftgi.com and the targeted forum domain is airsoftgiforum.com. The forum's SSL certificate has already expired, and Chrome users see a “Not Secure Connection” warning. Also, the forum, which is based on phpBB (free and open source forum software), is vulnerable to a simple SQL injection attack, making it easier for hackers to steal whatever is stored on the server.
Airsoft GI is based in California with offices in Texas and Virginia. As for the targeted platform, the last activity on the forum was on Apr 28, 2015. This means the forum is not only insecure but also inactive.
An email has been sent to Airsoft GI for an official comment on the breach. This article will be updated if the administrators reply. For now, the data is publicly available for anyone to download, posing a serious security and privacy threat to users and customers.