DaFont Site Hacked, Almost 700K Accounts Exposed

[Bot]

DaFont.com was hacked earlier this month, the company announced, exposing its entire database of almost 700,000 usernames, email addresses, and passwords in plaintext. If you have an account on the site providing freely downloadable fonts, it's probably best you change your passwords to secure your other accounts.

At fault for this hack is the platform's easy to hack password hashing system using the MD5 algorithm, as the hacker exploited a union-based SQL injection vulnerability.

The database not only contains usernames, emails addresses, and passwords, but also data and user conversations collected from the forum, as well as corporate accounts from Microsoft, Google, Apple, and government agencies across the United States and the United Kingdom.

"I heard the database was getting traded around so I decided to dump it myself - like I always do, mainly just for the challenge and training my pentest skills," the hacker told read more)

Read more: DaFont Site Hacked, Almost 700K Accounts Exposed

 

[Winter Soldier]

The episodes that concern the repeated theft of passwords from online services websites, are something to think about.
Is it really so safe to register to a site, to receive a service, when they protect so badly and in a rough way, our credentials?

 

[Weebarra]

I have used Dafont but never created an account. This is totally irresponsible management of customers details.

 

[onreact]

Another reminder to use unique passwords on every single site.

Otherwise "hackers" can get access on other sites as well using your legit log-in details.