Over 100,000 users are at risk of public humiliation or blackmail as Rosebutt Board, a web forum dedicated to the ‘anal fisting' fetish, suffered a data breach.
The stolen data included usernames, passwords, IP addresses and email addresses, some of which came from government and military addresses, according to Troy Hunt who runs the Have I Been Pwned? website.
Hunt verified that the website was using outdated software and an easily cracked MD5 algorithm even though the site's operator took another step to salt the hashes, making them more difficult to break. The site runs versions of MySql and IP.board with known vulnerabilities, which may have contributed to how the data was taken.
Over a third (37 percent) of people affected by the Rosebutt Board breach have been included in the Have I Been Pwned? site. Info uploaded to the site will be marked as “sensitive” and "not publicly searchable”.
Similar to the Ashley Madison hack of last year, the exposure of this data is particularly sensitive due to the nature of the website.
“This is a forum where you would think people would want to stay private, but people were using traceable emails or even corporate emails,” Hunt said. He advises people who want to visit such sites to take steps in order to remain anonymous.