A data breach involving HuntStand, a popular hunting and land management app, exposed the personal data of nearly 2.8 million users. The stolen data was scraped and subsequently posted publicly on the notorious hacking forum BreachForums.
The breach was added to the Have I Been Pwned (HIBP) database yesterday, so impacted individuals should have already received a notification about their exposure. It was first announced on March 8, 2024, by a threat actor using the alias “21tr232tr45f.” In their forum post, they claimed to have scraped over 2.9 million HuntStand user records, which were stored in JSON format. The stolen data includes detailed personal information such as first and last names, email addresses, birthdates, and users' countries of residence, with some records containing more granular details like states and additional profile attributes.
The threat actor has since removed their account from the platform and the thread was closed, so the leaked data is no longer available for download there. However, it was online for an extended period, and many cybercriminals were able to access it.
HuntStand, developed by TerraStride Inc., is one of the leading hunting apps in North America, with over 1 million downloads on Google Play and features like GPS mapping, land ownership data, and hunting forecasts. The app is widely used for hunting and habitat management, offering tools to map hunting grounds, track game movement, and share hunting areas with others. Given its size and popularity, the breach has significant implications for the privacy of its users.
Notably, according to HIBP, 69% of the affected email addresses had already been exposed in prior data breaches, which leaves nearly 900,000 people exposed for the first time by the HuntStand breach. The overlap underscores the persistent problem of repeated exposure, which makes affected users more vulnerable to phishing attacks and other malicious activities.
To protect against the risks posed by this breach, users should:
- Change passwords if using the same credentials on other services.
- Be wary of phishing attempts leveraging the leaked data, especially emails that seem personalized.
- Consider using a password manager to generate and store unique passwords.
- Enable two-factor authentication (2FA), where possible, to enhance security.