Thousands exposed in hack of font sharing site DaFont – CNET
Popular font sharing site DaFont.com has been hacked, exposing its entire database of user accounts.Usernames, email addresses and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who wouldn’t divulge his name.The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site’s main database also contains the site’s forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site’s forums.The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site’s database.”I heard the database was getting traded around so I decided to dump it myself — like I always do,” the hacker told me. Asked about his motivations, he said it was “mainly just for the challenge [and] training my pentest skills.” He told me that he exploited a union-based SQL injection vulnerability in the site’s software, a flaw he said was “easy to find.”
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.