A popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts.Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his nameA popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts.

Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his name.

The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site’s main database also contains the site’s forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site’s forums.

The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site’s database.

“I heard the database was getting traded around so I decided to dump it myself — like I always do,” the hacker told me. Asked about his motivations, he said it was “mainly just for the challenge [and] training my pentest skills.” He told me that he exploited a union-based SQL injection vulnerability in the site’s software, a flaw he said was “easy to find.

Source: Font sharing site DaFont has been hacked, exposing thousands of accounts | ZDNet

And why is it not mandatory to show what encryption scheme will be used to store your account details?!