Font sharing site DaFont has been hacked, exposing thousands of accounts - HotUKDeals
Posted by msmyth [mod] 1 week, 2 days ago
Another day, another hack! (via ZDNet)

A popular font sharing site DaFont.com has been hacked, exposing the site's entire database of user accounts.

Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his name.

The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site's main database also contains the site's forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site's forums.

The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site's database.

"I heard the database was getting traded around so I decided to dump it myself -- like I always do," the hacker told me. Asked about his motivations, he said it was "mainly just for the challenge [and] training my pentest skills." He told me that he exploited a union-based SQL injection vulnerability in the site's software, a flaw he said was "easy to find."

While the hack of DaFont is far from the biggest data breach we've covered, it could still cause considerable headaches for a lot of people -- even if the free site didn't store any payment or other critically sensitive data. That's because this breach involves a huge trove of email addresses and passwords that could allow a hacker to break into other, more sensitive sites and services that share the same password.

In the case of corporate accounts, that could lead to further data breaches of sensitive and confidential business files. Among the confirmed email addresses we found in the breach, several accounts belonged to Microsoft, Google, and Apple corporate accounts.

Dozens of accounts were also associated with UK and US government agencies.

Anyone thought to be affected by the breach can now search for their data in Have I Been Pwned.
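An added example, not part of the original post or the ZDNet article it quotes: one way a site holding unsalted MD5 password hashes, as described above, can verify logins against the old hashes and replace each one with a salted scrypt record the first time the user signs in. The function names, the record format, the scrypt parameters and the sample user table are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware).
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def legacy_md5(password: str) -> str:
    """Unsalted MD5: fast to compute and identical for identical passwords."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_record(password: str) -> str:
    """Salted, memory-hard hash stored as 'scrypt$<salt hex>$<hash hex>'."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Check a login; return (ok, record_to_store). Legacy MD5 rows are rehashed on success."""
    if stored.startswith("scrypt$"):
        _, salt_hex, hash_hex = stored.split("$")
        digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT)
        return hmac.compare_digest(digest.hex(), hash_hex), stored
    # Legacy row: a bare 32-character MD5 hex digest.
    if hmac.compare_digest(legacy_md5(password), stored):
        return True, scrypt_record(password)  # replace the weak hash now
    return False, stored


# Constructed sample user table: two users who chose the same password.
USERS = {"alice": legacy_md5("hunter2-fonts"), "bob": legacy_md5("hunter2-fonts")}

if __name__ == "__main__":
    print("same MD5 for both users:", USERS["alice"] == USERS["bob"])
    for name in USERS:
        ok, USERS[name] = verify_and_upgrade("hunter2-fonts", USERS[name])
        print(name, ok, USERS[name][:24] + "...")
    print("records differ after upgrade:", USERS["alice"] != USERS["bob"])
```

Accounts that never log in again keep their MD5 hash under this scheme, so a real migration also needs a plan for dormant rows, such as forcing a password reset.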

All Comments

#1 msmyth (1 Like)
..."I heard the database was getting traded around so I decided to dump it myself -- like I always do," the hacker told me. Asked about his motivations, he said it was "mainly just for the challenge [and] training my pentest skills." He told me that he exploited a union-based SQL injection vulnerability in the site's software, a flaw he said was "easy to find."...

https://imgs.xkcd.com/comics/exploits_of_a_mom.png

[ https://xkcd.com/327/ ]
#2
How much for 100k
lol


Edited By: whelan189 on May 19, 2017 13:39
