What’s the most embarrassing thing you’ve used your work email for?
Originally reported by BBC News, data on more than 100,000 accounts was stolen from a forum called The Rosebutt Board dedicated to sexual fetishes (obviously the site is NSFW if you’re tempted to look it up). Security expert Troy Hunt, who runs the Have I Been Pwned? site unearthed the news on the data after he was alerted by a user.
The hacked data includes usernames, email addresses, IP addresses, and hashed passwords, though the hashing used on the passwords has been called fairly poor.
Despite the explicit and sensitive nature of the website, it appears that some government staffers actually used their official email addresses to register. There are “multiple .gov and .mil email addresses in the Rosebutt breach,” according to Hunt. Hacks and data breaches are always bad but this one could leave some users particularly red-faced.
Related: If you’re looking to sue Ashley Madison, you’ll have to use your real name
Much like the Ashley Madison hack, the site carries info on sexual preferences and fetishes. While people on the site could sort of mask their identity with usernames, the leak of email addresses and IP addresses mean they could technically be identified.
“This is a forum where you would think people would want to stay private, but people were using traceable emails or even corporate emails,” said Hunt.
He explained that the forum was likely breached by exploiting a very simple and common SQL vulnerability in the site. The site had also been using antiquated software like the MD5 algorithm for scrambling the passwords, which has been considered outdated for quite some time.
If you have an account on the forum, it would be advised to change your password and also check Have I Been Pwned? to see if your email address is among the affected lot. Hunt added that users should take more care to hide their identities and cover their tracks when accessing such private material.
- A Russian hacker has 272 million stolen Gmail, Yahoo, and Hotmail passwords
- Spotify denies breach, but hundreds of users may be dealing with its fallout
- A data breach in London left 15,000 new and expectant parents’ info compromised
from Planet GS via John Jason Fallows on Inoreader http://ift.tt/1Osahw3
Jonathan Keane
More Stories
‘My 401k Misses You’: Black Woman Pumped To Meet Donald Trump In Philadelphia – July 18, 2023 at 04:56PM
Energy Provider Warns of Impending ‘Crisis,’ ‘Blackout Conditions’ Driven By Biden Plans – July 18, 2023 at 04:20PM
Dog starts barking at cows crossing a bridge, so the cows stop to have a look. – July 17, 2023 at 02:27PM