ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Ducks Unlimited Data Breach

ducks.org
Significant exposure
Verified breach Passwords exposed
Accounts exposed 1,324,364
Breach date 29 Jan 2021
Added to tracker 16 Nov 2021
Data classes 6

What happened

In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership list and a list of website users. Impacted data included names, phones numbers, physical addresses, dates of birth and passwords stored as unsalted MD5 hashes.

Exposed data

Dates of birth Email addresses Names Passwords Phone numbers Physical addresses

Recommended actions

  • Change your Ducks Unlimited password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Ducks Unlimited โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP