Login database at your store hacked?

Status
Not open for further replies.
Not trying to add fuel to the fire, could be merely a coincidence. Check your credit cards people, I have 2 pending charges as of yesterday. One from Best Buy and one from Bell. None of which I do business with. Not saying it's from this suspected breach, but just giving a heads up. I'll be canceling my card today.
 
The exploit used is likely still active.
When updating your accounts, change all personal info to fake info and update to a gibberish password.

Your data is out there, but no reason to put in new info or a password you'll use anywhere just to have it stolen again.

Canada Ammo should be taking their website offline until resolved

Canada Ammo: you have legal obligations with a data breach that contains PII

https://www.priv.gc.ca/en/privacy-t...privacy-breach-at-your-business/gd_pb_201810/
 
Would it be a good idea to cancel the credit card they had on file and request a new one from my bank or is that taking it too far?
 
(First time poster, long time lurker)

I found the breach download and was able to grab a copy of it.

The database that was leaked appears to just be the "users" table.

"id,username,email,password,reset_pin,registration_date,last_login,confirmation,ip,role_id"

These are the headers of what was dumped.

The password is hashed via MD5 encryption, which is reversible in majority of cases, depending on what the password was.

From what I see, there is no personal data outside of emails, passwords, usernames, and ip addresses of accounts.

Change your passwords and all should be good! :)
 
(First time poster, long time lurker)

I found the breach download and was able to grab a copy of it.

The database that was leaked appears to just be the "users" table.

"id,username,email,password,reset_pin,registration_date,last_login,confirmation,ip,role_id"

These are the headers of what was dumped.

The password is hashed via MD5 encryption, which is reversible in majority of cases, depending on what the password was.

From what I see, there is no personal data outside of emails, passwords, usernames, and ip addresses of accounts.

Change your passwords and all should be good! :)

Thank you I will pass this to the IT team
 
(First time poster, long time lurker)

I found the breach download and was able to grab a copy of it.

The database that was leaked appears to just be the "users" table.

"id,username,email,password,reset_pin,registration_date,last_login,confirmation,ip,role_id"

These are the headers of what was dumped.

The password is hashed via MD5 encryption, which is reversible in majority of cases, depending on what the password was.

From what I see, there is no personal data outside of emails, passwords, usernames, and ip addresses of accounts.

Change your passwords and all should be good! :)

how do you reverse a hash without comparing it each time? Good digging!
 
how do you reverse a hash without comparing it each time? Good digging!

There's a lot of MD5 decryption out there, essentially the way it works is with a dictionary method of sorts.

You cannot reverse engineer an MD5 hash, but you can compare it to a hash you know.

For example: if you know the hash for "password123", and then a password file gets leaked on the internet, the hash will be the same regardless of the server it is on, but in order to find the result of the hash you need to hash the exact same string.

Md5(password123) = 482c811da5d5b4bc6d497ffa98491e38

Running that MD5 to decrypt at md5decrypt.net will give you the following result

"482c811da5d5b4bc6d497ffa98491e38 : password123

Found in 0.184s"

This is why I ultimately said it's reversible in majority of cases depending on the password you use.

Many people who do data breaches and brute force logins will have a database of the most common 200,000+ passwords that have been leaked previously. You can guarantee these have all been run through MD5 encryption to know what it puts out in a database.

This is also why developers no longer use md5 without additional layers of security, and even then it's not considered to be secure. Most commonly we'll see a salt+hash setup with multiple layers of encryption within the programming nowadays.
 
Thank you I will pass this to the IT team

Seems like your database has been attempted to be breached multiple times throughout the years. When they find the targeted database get them to check the id records of 78851 to 78891 for some proof of it recently.

There's a lot of XSS and DB Exploit attempts happening throughout the whole table.
 
I got one too from my ID monitoring service: OnGaurd idassist

"At an unknown date, the Canadian gun and knife site Canada Ammo was allegedly breached. The stolen data contains usernames, passwords, email addresses, IP addresses, and additional personal information. This breach is being privately shared on the internet."
 
kinda concerning if PAL numbers are leaked and shadies order firearms and ammo under fraudulent identities..
 
I have a new Pal #

99999999 ...... very original

Not sure if it's related but my credit card was hacked in Feb (Skip the dishes)
.... I do not order from them .... still unresolved ... 3 charges for the same amount in less than 10 min
 
how do you reverse a hash without comparing it each time? Good digging!

You start hashing all combinations of characters and store the results in a database. At some point you'll have a database large enough for you to just query. MD5 has been around for a long time so shorter passwords have already been hashed.
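
Added example, not part of any post in this thread: a Python sketch of the precomputed-lookup idea described in the two replies above, next to a per-user salted PBKDF2 hash that such a table cannot match. The wordlist, usernames and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the leaked table).
COMMON_PASSWORDS = ["123456", "password123", "qwerty", "letmein"]
USERS = {"alice": "password123", "bob": "password123",
         "carol": "x9!Lq-fT2@vR-long-unique"}
ITERATIONS = 200_000  # example work factor (assumption); tune to your hardware

def md5_hex(password):
    """Unsalted MD5: the same password gives the same hash on every site."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(wordlist):
    """Precompute hash -> password once; valid against any unsalted MD5 dump."""
    return {md5_hex(p): p for p in wordlist}

def audit_unsalted(stored, lookup):
    """Defender's check: which stored hashes are already in a known table?"""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

def hash_salted(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    stored = {user: md5_hex(pw) for user, pw in USERS.items()}
    exposed = audit_unsalted(stored, build_lookup(COMMON_PASSWORDS))
    print("recoverable from a precomputed table:", sorted(exposed))
    # alice and bob share a password, yet their salted digests differ,
    # so one precomputed table no longer covers both accounts.
    salt_a, dig_a = hash_salted(USERS["alice"])
    salt_b, dig_b = hash_salted(USERS["bob"])
    print("salted digests identical:", dig_a == dig_b)
    print("alice verifies:", verify_salted("password123", salt_a, dig_a))
```
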
 
I got one too from my ID monitoring service: OnGaurd idassist

"At an unknown date, the Canadian gun and knife site Canada Ammo was allegedly breached. The stolen data contains usernames, passwords, email addresses, IP addresses, and additional personal information. This breach is being privately shared on the internet."

Same for me. I received it yesterday.
 
It's because Trudeau is pushing the buyback to a later date and the 'liberal underground' is not happy. Wait till you show up on a Google Maps overlay of gun owners.
 