A data breach involving HuntStand, a popular hunting and land management app, exposed the personal data of nearly 2.8 million users. The stolen data was scraped and subsequently publicly posted on the notorious hacking forum, ‘BreachForums.'
The breach was added to the Have I Been Pwned (HIBP) database yesterday, so impacted individuals should have already received a notification about their exposure. It was first announced on March 8, 2024, by a threat actor using the alias “21tr232tr45f.” In their forum post, they claimed to have scraped over 2.9 million HuntStand user records, which were stored in JSON format. The stolen data includes detailed personal information such as first and last names, email addresses, birthdates, and users' countries of residence, with some records containing more granular details like states and additional profile attributes.
CyberInsider
The threat actor removed his account from the platform and the thread was closed, so the leaked data is no longer available for download. However, it has been online for an extended period, and many cybercriminals were able to access it.
HuntStand, developed by TerraStride Inc., is one of the leading hunting apps in North America, with over 1 million downloads on Google Play and features like GPS mapping, land ownership data, and hunting forecasts. The app is widely used for hunting and habitat management, offering tools to map hunting grounds, track game movement, and share hunting areas with others. Given its size and popularity, the breach has significant implications for the privacy of its users.
Notably, 69% of the affected email addresses were already exposed in prior data breaches, according to HIBP. This overlap underscores the persistent issue of repeated exposures for many users, making them more vulnerable to phishing attacks and other malicious activities. This leaves nearly 900,000 people exposed for the first time due to the HuntStand breach.
To protect against the risks posed by this breach, users should:
- Change passwords if using the same credentials on other services.
- Be wary of phishing attempts leveraging the leaked data, especially emails that seem personalized.
- Consider using a password manager to generate and store unique passwords.
- Enable two-factor authentication (2FA), where possible, to enhance security.
Huntstand failed to notify all of its subscribers in a timely manner. After questioning them, they emailed me this letter.
Dear HuntStand user,
We are writing to inform you about a data security incident in which an anonymous internet post claimed to have “scraped” a HuntStand database containing personal information. We at HuntStand take the protection and proper use of your information very seriously. For this reason, we are contacting you to explain the circumstances of the incident.
What Happened
On March 13, HuntStand learned from a user review that the anonymous internet post claimed to have stolen personal information about HuntStand users. Investigation revealed that an outsider had exploited a single endpoint, and could have gained access to one database of information about the use of HuntStand. The initial investigation and action to disable the exploited endpoint was accomplished in less than nine hours.
What Information Was Involved
HuntStand has not received any demands or other communications from the alleged poster that identify any specific individuals or information actually accessed and stolen in the incident. The database only contained information about registration to obtain access to HuntStand services. The only personal information that could have been obtained from the database consisted of an individual’s name, email address, birthday, and city/state or other jurisdiction for which an individual registered. The database did not contain any Social Security numbers, licenses or other government identifications, financial or health information, or account/password information that could enable access to any other personal information. So, we are writing to alert you of the incident as a precaution, because we do take the protection and proper use of everyone’s personal information very seriously.
What Are We Doing
We have investigated and are acting to increase our system and information security. Besides disabling the vulnerable endpoint, we have performed additional security audits and made necessary improvements in addition to our ongoing security efforts.
What Can You Do
We are providing an “Additional Resources” section in this email that describes steps you can take to help protect yourself, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or security freeze on your credit file.
For More Information
If you have questions, please contact:
HuntStand Customer Service
support@huntstand.com