Dafont has been hacked

Options
This morning I got a notification from haveibeenpwned.com that my credentials at dafont.com have been exposed due to a data breach. Zdnet has the story. If you have a dafont account, please change your password, and if you use that password on other sites too... don't do that.

Comments

  • Adam Jagosz
    Adam Jagosz Posts: 689
    Options
    "Page in maintenance. Modifications to your profile are disabled at the moment for security reasons."
    "We are currently working to fix some vulnerabilities. Meanwhile, modifications to your profile are disabled to limit malicious access to user accounts.
    Everything should be back in a few days, and then you'll be asked to change your password. We apologize for any inconvenience. "
  • Adam Jagosz
    Adam Jagosz Posts: 689
    Options
    The message above still shows up. Is that for real? :open_mouth: How many days can be counted as "a few"? I guess resolving this is going to take them as long as reviewing font updates. That is to say, forever.
  • Simon Cozens
    Simon Cozens Posts: 726
    Options
    If you have a security compromise on a site whose main business is digital downloads, the whole darn thing is suspect. You either look through and reconstruct every single zip file, or you burn it down and start again.

    That's if you take security seriously, of course. If you don't understand security, just keep the site running but don't allow affected users to change their compromised passwords...
  • James Puckett
    James Puckett Posts: 1,978
    Options
    Whoever owns DaFont might have decided to shutter it. Web ads don’t make the money they used to. And DaFont has no doubt lost visitors to Google Web fonts, as well as sites that blatant offer free downloads of retail type.