There was a data security breach at DaFont, a popular source of over 32,000 free fonts, which resulted in 685,000 usernames and passwords beings stolen.
Earlier this month, a hacker gained unauthorised access to their database holding 699,464 user accounts, and managed to crack 98% of its passwords. Apart from that, the hacker also downloaded the site’s forums, including the personal messages of its users.
The hacker decided to publicly share the database on the internet. According to hacker, it wasn’t difficult to break into, and they were able to take advantage of a union-based SQL injection vulnerability found in the website’s software. This allowed the hashed passwords to be cracked, as they had been encrypted with a deprecated MD5 algorithm.
The good news is that it’s not necessary to register to download any fonts from DaFont. So, there Is no need to worry if you have only used the website to download fonts, but never registered. However, if you design and share fonts, or have used their forum at any time, you may be affected.
Even so, there is little reason to worry, unless you have said something touchy in a private message on their forums, or you use the same login credentials on other websites. If this is the case, it is a good idea to go change these as soon as possible.
DaFont is the latest addition to the collection of websites offering products or services for the creative community that has been hacked. For example, in 2013, 2.9 million Adobe accounts were compromised.