DaFont.com hacked; entire database leaked online

DaFont.com, an archive of freely downloadable fonts, was hacked earlier this month. The unidentified hacker exploited a union-based SQL injection vulnerability and took advantage of the platform’s outdated, easy-to-crack password hashing scheme, which was based on the MD5 algorithm, known for its limitations.

The hacker then exposed the website’s entire database of registered user accounts: almost 700,000 usernames, email addresses and passwords in plaintext. This makes it easy to hack other accounts that are associated with those emails or that reuse the compromised passwords.

The leaked database includes data and user conversations collected from the forum, as well as corporate accounts from Microsoft, Google and Apple, and accounts from government agencies in the US and UK, according to research conducted on the database by Troy Hunt and the ZDNet team.

“I heard the database was getting traded around so I decided to dump it myself — like I always do, mainly just for the challenge [and] training my pentest skills,” the hacker explained in an interview for ZDNet.

Users can double-check whether their contacts were affected on Troy Hunt’s website. To protect their devices and accounts, all account owners are advised to change their passwords immediately, create strong, unique ones (especially if they make a habit of reusing passwords across multiple accounts), and set up multi-factor authentication.

About the author

Luana PASCU

From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.
