Font sharing site DaFont.com was hacked and nearly 700,000 usernames were stolen. Passwords associated with the accounts have been cracked. Photo: fill/Pixabay

The full database of users registered at font sharing website DaFont.com was compromised in a recent hack, ZDNet reported.

The hacked database contained the usernames, email addresses and hashed passwords of DaFont.com users. A total of 699,464 accounts were compromised in the hack, which was carried out earlier this month.


While DaFont.com did hash the passwords (hashing is a function that converts standard passwords into strings of random-looking characters that are difficult to decipher), they were scrambled using the MD5 algorithm, which is no longer widely used because it has proved easy to crack.

The hacker was able to crack more than 98 percent of the password hashes and reveal the passwords in plaintext, ZDNet reported. For users who employ the same passwords on DaFont.com as they do on another service, having their passwords revealed in plaintext and directly associated with their email address and username may make it possible to compromise other accounts.
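As an added illustration (not code from DaFont.com or from the original report), the Python sketch below contrasts unsalted MD5 storage with a salted, deliberately slow scrypt record and shows a legacy record being upgraded at login. The record format, function names, cost parameters and sample password are assumptions constructed for this example.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example (about 16 MiB per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def md5_unsalted(password: str) -> str:
    """Legacy scheme: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_record(password: str, salt: bytes | None = None) -> str:
    """Salted, memory-hard hash stored as 'scrypt$<salt hex>$<digest hex>'."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a password against either record type in constant time."""
    if record.startswith("scrypt$"):
        _, salt_hex, _ = record.split("$")
        expected = scrypt_record(password, bytes.fromhex(salt_hex))
    else:  # bare 32-hex-digit legacy MD5 record
        expected = md5_unsalted(password)
    return hmac.compare_digest(expected, record)


def login_and_upgrade(password: str, record: str) -> tuple[bool, str]:
    """On a successful login, replace a legacy MD5 record with scrypt."""
    if not verify(password, record):
        return False, record
    if not record.startswith("scrypt$"):
        record = scrypt_record(password)
    return True, record


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    a, b = md5_unsalted("sample-pass-1"), md5_unsalted("sample-pass-1")
    print("MD5 records identical:", a == b)
    print("scrypt records identical:",
          scrypt_record("sample-pass-1") == scrypt_record("sample-pass-1"))
    print(login_and_upgrade("sample-pass-1", a))
```

Because every unsalted MD5 record for a given password is identical, one computed hash exposes every account that reused it; the per-user salt and the scrypt work factor remove that shortcut.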

In addition to usernames, emails and passwords, the hacked database also contained forum data. Included in the hacked database were private messages and other site information. DaFont.com’s forum has more than a half-million posts.

In a conversation with ZDNet, the hacker revealed the DaFont.com database was being traded online, and he decided to attempt to access the database himself "mainly just for the challenge" of it.

The hacker explained he exploited a union-based SQL (structured query language) injection vulnerability in the software utilized by DaFont.com and described the flaw as "easy to find."


The hacker provided the database to security researcher Troy Hunt, who is the proprietor of breach notification site Have I Been Pwned. Hunt found the database contained 637,340 unique email addresses — 62 percent of which were already in the Have I Been Pwned database because they were exposed in another breach.

Within the database were corporate accounts that belonged to employees of major corporations including Microsoft, Google and Apple. Several accounts were also associated with government agencies in the United States and United Kingdom.

The fact the passwords for those accounts are available in plaintext may present problems for those companies and agencies, as a compromised employee account can be used to gain access to sensitive information.

A compromised employee account led to a recent hack of restaurant review site Zomato, in which 17 million usernames, email addresses and hashed passwords were stolen after a hacker took over an account that had access to the company’s internal user database.

Those who fear their account may have been compromised can check the database at Have I Been Pwned to see if their email is listed. If it is, those users are advised to change their passwords — and if they use the password for other accounts, change those as well. It is easy for a malicious actor to cross-reference one hack with another to find accounts that can easily be compromised.