Cyber Incident Victim: DaFont

Date: May 2017

Location: United States of America

Summary

A font-sharing website suffered a security breach in which an attacker exploited a union-based SQL injection vulnerability to steal its entire user database, containing nearly 700,000 accounts. The compromised data included usernames, email addresses, and weakly hashed passwords (using MD5), which the attacker successfully cracked for over 98% of accounts, alongside forum posts and private messages. The breach exposed credentials linked to corporate accounts at major technology firms and government agencies, raising the risk of credential reuse attacks. The hacker said their motivation was skill development and preempting others who were trading the stolen data. After a delayed response to initial contact attempts, the site acknowledged the vulnerabilities and stated that remediation efforts were underway, including prior fixes for some flaws.

Description

In early May 2017, the font-sharing website DaFont suffered a data breach compromising its entire user database. An unidentified hacker exploited a union-based SQL injection vulnerability in the site's software, which they described as "easy to find," to extract 699,464 user accounts containing usernames, email addresses, and passwords hashed with the deprecated MD5 algorithm. The attacker successfully cracked over 98% of these weakly protected passwords into plaintext due to MD5's vulnerabilities. The stolen database also included forum data such as private messages and over half a million forum posts. The hacker claimed their motivation stemmed from both the technical challenge of penetrating the site and awareness that other actors were trading the database privately. They independently dumped and shared the data with ZDNet and breach notification service Have I Been Pwned (HIBP) for verification purposes.

ZDNet confirmed the breach's validity by testing a sample of accounts through DaFont's password reset function, which sent new passwords in plain text to disposable email addresses. HIBP's analysis identified 637,340 unique email addresses in the dataset, with 62% already present in their breach database from prior incidents. The compromised accounts included users from major technology companies like Microsoft, Google, and Apple, as well as dozens associated with UK and US government agencies. While DaFont stored no payment information, the exposure of email-password pairs created significant credential-stuffing risks for victims' accounts on other services. DaFont's operators initially did not respond to multiple pre-publication contact attempts by ZDNet. After the article's release, a spokesperson acknowledged awareness of vulnerabilities and stated some had been patched prior to the report, with additional measures implemented to restrict malicious account access. Affected users were directed to check their exposure status via HIBP.
