1 min read

DaFont.com hacked; entire database leaked online

Luana PASCU

May 19, 2017

Promo Protect all your devices, without slowing them down.
Free 30-day trial
DaFont.com hacked; entire database leaked online

DaFont.com, an archive of freely downloadable fonts, was hacked earlier this month. The unidentified hacker took advantage of the platform”s old-fashioned, easy-to-hack password hashing system based on MD5 algorithm, known for its limitations, and exploited a union-based SQL injection vulnerability.

The hacker then exposed the website”s entire database of registered user accounts of almost 700,000 usernames, email addresses and passwords in plaintext, making it easy to hack other accounts associated with the emails or that reuse the compromised passwords.

The leaked database includes data and user conversations collected from the forum, as well as corporate accounts from Microsoft, Google, Apple, and government agencies from the US and UK, according to research conducted on the database by Troy Hunt and ZDNet team.

“I heard the database was getting traded around so I decided to dump it myself — like I always do, mainly just for the challenge [and] training my pentest skills,” the hacker explained in an interview for ZDNet.

Users can double check if their contacts were affected on Troy Hunt”s website. To protect their devices and accounts, all account owners are advised to immediately change their passwords and create strong, unique one, especially if they make a habit of reusing them for multiple accounts, and set up multi-factor authentication.

tags


Author


Luana PASCU

After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats.

View all posts

You might also like

Bookmarks


loader