HorseGeneticsGame Data Breach Exposes 20,733 User Credentials

In August 2018, HorseGeneticsGame (formerly known as HuntAndJump), a United States-based online game centered around horse genetics and breeding simulation, suffered a data breach that exposed the account information of 20,733 users. The breach involved both a database compromise and subsequent combolist distribution, with email addresses and MD5 password hashes circulating in underground forums. Although HorseGeneticsGame serves a niche gaming community, the credentials exposed in this breach have been actively used in credential stuffing campaigns targeting platforms far beyond the original game.

Why This Is Dangerous

MD5 password hashes are among the weakest forms of password protection a service can use. The MD5 algorithm was never designed for password storage, and modern GPU-based cracking tools can test billions of MD5 hashes per second. Rainbow tables -- precomputed databases of hash-to-password mappings -- can reverse the majority of common passwords in seconds without any brute force effort at all. Once these hashes are cracked, the resulting email and password pairs get added to combolists and used in automated login attempts across hundreds of websites simultaneously. Gaming community credentials are particulary valuable to attackers because players often use the same password across gaming platforms, streaming services, and personal email accounts. A compromised gaming account can be a direct path into far more sensitive services where thier financial or professional data is at risk.

What Was Exposed

• Email addresses for 20,733 HorseGeneticsGame user accounts
• MD5 password hashes (vulnerable to rapid cracking via rainbow tables and GPU tools)
• Account data associated with the HorseGeneticsGame/HuntAndJump platform
• Credentials compiled into combolists and distributed across underground forums

Why This Matters

Gaming communities are frequentley targeted in credential attacks because their members tend to be digitally active across many platforms and often recieve less security-focused communications than users of financial or professional services. The HorseGeneticsGame breach data has been circulating in combolist repositories since its initial exposure in 2018 and continues to appear in active credential stuffing datasets. Underground forums have specifically highlighted gaming credentials from this period as viable targets for account takeover attempts. Even years after the breach, users who have not changed the password they used for HorseGeneticsGame remain vulnerable on any platform where they reused that same password. The combination of MD5 hashing and ongoing combolist distribution makes this a lasting risk rather than a historical footnote.

How Database and Combolist Breaches Work

A database breach typically occured when an attacker exploited a vulnerability in the target web application or server infrastructure -- such as an SQL injection flaw, an unpatched software component, or compromised administrative access. Once inside, the attacker exported the user table containing email addresses and password hashes. Because the passwords were protected only with MD5, modern cracking tools can recover plaintext passwords from the majority of these hashes quickly. The recovered credentials were then formatted into a combolist, a structured file used by automated tools to run login tests across hundreds of websites simultaneously. Combolists from the HorseGeneticsGame breach have been bundled with data from other gaming-related incidents and traded in markets frequented by credential stuffing operators.

Check If You Are Affected

If you ever created an account on HorseGeneticsGame or the earlier HuntAndJump platform, your email address and password may be part of this breach. Take the following steps immediately:

• Search your email address in HEROIC's breach database to confirm whether your HorseGeneticsGame data was exposed
• Change the password you used for HorseGeneticsGame on every other platform where you used the same password
• Enable two-factor authentication on your email account and any other gaming or online service accounts you use
• Monitor your accounts for unauthorized login attempts, purchases, or account changes
• Use a password manager to generate unique passwords for each account you maintain
• Be alert to phishing messages that reference gaming communities, horse breeding platforms, or online simulations

HEROIC monitors breach data continuously and alerts you when your credentials appear in newly discovered datasets. Proactive breach monitoring is one of the most effective ways to detect credential exposure early and respond before attackers can exploit your data across other platforms.