Data Breach Statement
Utah Gun Exchange and UGETube remain dedicated to our mission of defending the First and Second Amendments and providing our users with a means to exercise their First and Second Amendment rights. As we know, there are many who have attacked, or will attack, Utah Gun Exchange and UGETube in an effort to stop us from accomplishing our mission to help protect your constitutional rights. We have recently learned of one such attack that affects you as our users.
Specifically, we learned that Utah Gun Exchange and UGETube were the target of an attack that resulted in the exposure of some of your information. While, with the exception of hashed passwords, the information that appears to have been taken from our systems is information that is publicly available when an advertisement is posted, we feel it is our responsibility to take every precaution to notify you, as our users, of the breach so that you can take any action you feel is necessary to protect your information.
All transaction information is handled directly through PayPal using their secure and internal systems. UGE Tube and Utah Gun Exchange do not see or handle any financial information including credit/debit card numbers that are entered in during the purchase process. Therefore transactional information such as credit/debit card or other such financial data was not part of the data compromised.
Please know that we at Utah Gun Exchange and UGETube have also acted promptly to stop the unauthorized access and provide additional security for the information stored in our systems. As seen from the increased support and outreach we have received from our users, we know that we will continue to succeed in our mission to protect the First and Second Amendments despite the opposition.
Below is a brief description of what occurred, what action has been taken, and steps you can take to protect your information.
I. What Happened
Recently, Utah Gun Exchange and UGETube discovered that criminals exploited a website vulnerability to gain access to certain data. Upon discovery, we acted immediately to stop the intrusion. We promptly performed a comprehensive review to determine the scope of the intrusion, including the specific data impacted. Based on our investigation, the unauthorized access occurred July 2020.
II. What Information Was Involved
Most of the consumer information accessed is information that is publicly available when an advertisement is posted, including names, email addresses, and phone numbers. All transaction information is handled directly through PayPal using their secure and internal systems. UGE Tube and Utah Gun Exchange do not see or handle any financial information including credit/debit card numbers that are entered in during the purchase process. Therefore transactional information such as credit/debit card or other such financial data was not part of the data compromised. However, it also appears that our users’ hashed (or encrypted) passwords have also been accessed. Hashing turns your password (or any other piece of data) into a short string of letters and/or numbers using an encryption algorithm. Although the passwords exposed were hashed and did not reveal the plain text value, there are methods that could allow the attacker to identify the real passwords. Accordingly, we strongly recommend that you change your password and consider changing it on any other site that you may have used the same username/email & password combination.
III. What We Are Doing
Upon learning of this incident, Utah Gun Exchange and UGETube took steps to remove the offending code and have identified the vulnerability. We have hardened the website security and database connections. We continue to identify steps that can be taken to help prevent this type of incident from happening again.
IV. What You Can Do
If you use the same email/username and password combination on any other sites, we urge you to change your passwords as the passwords could be compromised due to this data breach. it is also important to be on the lookout for targeted phishing attacks abusing this data. Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. If you receive any communications purporting to be from Utah Gun Exchange but you are uncertain of the true source of the communication, feel free to contact us separately at [email protected] to inquire into the validity of the communication.
We value your participation in our community and appreciate your support as we continue this fight!
Please contact us at [email protected] if you need any assistance.
Steps to reset your password – UtahGunExchange.com
- Login and click on “My Dashboard” in the top right hand corner.
- Now click on “Edit Profile” on the right hand side in the Dashboard section.
- Once your profile is displayed, scroll down until you see “Generate Password”. You can either keep the generated password (Recommended) or you can choose your own by simple typing in the field.
- Once you’ve decided on your new password, simply click the “UPDATE PROFILE”. The password you select will need to be used for any future logins.
Steps to reset your password – UGETube.com
- Click on your profile avatar in the top right corner and then click “Edit”
- Now click on “Password” in the left hand column of options.
- Finally, enter your current password and select a new password to use going forward, then click “Save”.