Dafont has been hacked

Simon Cozens · May 2017

This morning I got a notification from haveibeenpwned.com that my credentials at dafont.com have been exposed due to a data breach. Zdnet has the story. If you have a dafont account, please change your password, and if you use that password on other sites too... don't do that.

Adam Jagosz · May 2017

"Page in maintenance. Modifications to your profile are disabled at the moment for security reasons."
"We are currently working to fix some vulnerabilities. Meanwhile, modifications to your profile are disabled to limit malicious access to user accounts.
Everything should be back in a few days, and then you'll be asked to change your password. We apologize for any inconvenience.

"

Adam Jagosz · June 2017

The message above still shows up. Is that for real?

How many days can be counted as "a few"? I guess resolving this is going to take them as long as reviewing font updates. That is to say, forever.

Simon Cozens · June 2017

If you have a security compromise on a site whose main business is digital downloads, the whole darn thing is suspect. You either look through and reconstruct every single zip file, or you burn it down and start again.

That's if you take security seriously, of course. If you don't understand security, just keep the site running but don't allow affected users to change their compromised passwords...

James Puckett · June 2017

Whoever owns DaFont might have decided to shutter it. Web ads don’t make the money they used to. And DaFont has no doubt lost visitors to Google Web fonts, as well as sites that blatant offer free downloads of retail type.

Ray Larabie · June 2017

This isn't science but...

I think Dafont's popularity has been steady or increasing. I get about 20,000 downloads a day. If I average the number of daily downloads over the last 12 years, it's 13,256. And my fonts are much lower on the charts than they used to be. But I think you're right about web ads.

The number of legitimate (not deliberately pirate) free font sites has decreased. In 2011, I received a C&D and was required to contact every free font site and ask them to remove a certain font. It took a solid 3 weeks. There were hundreds of them. Many of these were a "free font site in a box" that was being sold on eBay based on a mangled site rip of 1001freefonts.com. People who run free fonts sites are often very elusive. So many free fonts sites have broken contact forms or no contact information at all. Folks, be extra careful about trademarks in your font names because cleaning up the mess is no fun.

In 2014, I received another C&D and had to do the same thing all over again. This time it took less than a week to have the font removed from every free font site. I think over a hundred of them had vanished and new ones hadn't popped up to replace them. I suspect those clone sites earned their owners zero dollars.

The number of free font sites who take the latest dafont releases and post them on their own sites has dwindled to around a dozen. Not that long ago, a new Dafont release would spider out to over 50 sites now it's consistently less than 10 sites for the last 3 years.

Dafont has been hacked

Comments

Categories