It looks like cyber security experts and agencies have their hands full: first the WannaCry ransomware, then Zomato got hacked, and now another cyber attack is wreaking havoc. The latest attack targeted the popular font-sharing site DaFont, and it's worse than Zomato's hack.
The security breach on DaFont's website disclosed usernames, email addresses and hashed passwords of nearly 700,000 accounts. According to the hacker, the site's poor password security and a union-based SQL injection vulnerability led to the successful penetration of DaFont's database.
While ZDNet verified a few dozen email accounts associated with the site, Troy Hunt of the breach notification site Have I Been Pwned confirmed 637,340 unique email addresses in the hacked database.
The hacker, who refused to be identified, told ZDNet that it was "mainly just for the challenge [and] training my pentest skills."
Shockingly, 98 percent of the hashed passwords were cracked. Even though the site doesn't store any payment or other sensitive data, exposed email addresses and passwords can give a hacker entry to users' other online accounts that use the same credentials.
DaFont's user base also included corporate accounts associated with Microsoft, Google, Apple, and also UK and US government agencies, which can be a matter of serious concern for corporations. Compared to other cyber attacks of late, DaFont's hack isn't the biggest one, but it is still a matter of concern for a lot of people.
Zomato, which is India's largest restaurant search and discovery service, was hacked this week, compromising account information of 17 million users. The data, which includes email addresses and hashed passwords of registered users, was reportedly sold on the dark web for about $1,000.
It is highly recommended that you reset your passwords immediately and do not use the same password for different online accounts. Also, make sure to use strong passwords with alphanumeric and special characters.