Major airsoft game host and equipment renter Airsoft C3 had the sensitive data of 75,000 individuals part of its enthusiast community website compromised due to a Google Cloud Storage Bucket misconfiguration, indicating a significant threat to the U.S. airsoft community, according to Cybernews.
Included in the 12GB file with the database backup exfiltrated by threat actors were individuals' usernames and hashed passwords, email and home addresses, phone numbers, social media links, posts, and personal emails to other users, as well as the credentials of the founders and admins of the platform.
Such exposed information could be leveraged by threat actors to breach Airsoft C3's infrastructure and facilitate identify theft, credential stuffing, phishing, and account takeover attacks against its users, said Cybernews researchers. Airsoft C3 could also be subjected to legal action due to the incident, which may eventually impact its financials, researchers added.
