SQL Injection Flaw: Hardcore Fetish Forum Hacked, 100k Users’ Data Leaked
The Rosebutt Board (NSFW forum) has faced a massive data breach — The leaked data also includes .gov emails — If you are at work don’t search for this forum!

Last month HackRead reported how a simple SQL vulnerability allowed hackers to steal email addresses, names, IP addresses, physical addresses and plain text passwords of over 237,000 adult network users. Now, an SQL injection flaw has done it again! After hacking an online hardcore fetish forum, The Rosebutt Board, the hackers not only stole private details like IP addresses, email addresses and usernames/passwords of more than 100,000 users but also leaked the data online. The worst part is that the leaked data included .gov email addresses as well. It must be noted that the passwords that were stolen and leaked were weakly hashed by the website, and this is why they got stolen so easily.

SQL vulnerability is usually ignored by many companies but it turns out to be a huge threat

Troy Hunt, the founder of Have I Been Pwned, was responsible for discovering this data leak. In fact, Hunt offers an exclusive service for detecting whether a user has become the subject of a data breach. This is achieved simply by entering your email address.

Hunt stated that he was alerted to this breach by someone who was involved in the trading of stolen, hacked data. The person even gave him the data’s download link, and the data was later verified to be authentic after the affected website’s password reset function was used.

Troy also revealed that the forum was hacked through the SQL injection vulnerability and that the main reason behind the site’s hacking is that outdated security software was implemented by the company, while the impact of the attack was further augmented by the forum’s subject matter. That is, it is a website dedicated to letting users explore and release their sexual fetishes, and who would want this kind of information to be leaked online? Worse still, there are users who have linked their accounts with their official military or government email addresses, because various email addresses have the .gov or .mil domain name.

Usually, anyone can use Hunt’s website to check whether they have been subjected to any kind of breach on the internet. There are different categories of breaches as well; some are termed sensitive if the information that has been hacked or leaked could prove to be damaging for the individual. But it is quite ironic that those who have been caught up in this current attack won’t be able to find out their email address’s status using this website.

However, if they are subscribers of Troy’s website, then they would certainly receive a notification about the hack.
Please be informed that the hacked forum is of a very explicit nature, so anyone who has made an account on this forum must immediately change their password, especially if they have linked it to their other accounts.

Owais Sultan

Owais has taken care of Hackread's social media from the very first day. At the same time, he is pursuing chartered accountancy and doing part-time freelance writing.