Hardcore pwn: ‘Fetish forum’ data breached

© Lucy Nicholson
There’s some bad news for members of a hardcore fetish web forum, according to web security warrior Troy Hunt. The Rosebutt Board has been hacked, leaving email addresses, usernames, IP addresses and passwords of its kinky users exposed on the internet.

Hunt started and operates Have I Been Pwned?, a website that allows users to search its database to confirm whether or not their information has been accessed by hackers. Having an email address and password stolen by hackers can be bad – especially when that combination is used for multiple sites.

But when information is stolen from a board for fans of “extreme dilation and anal fisting,” well, as Hunt told Vice Motherboard: “This is a poignant reminder of how very personal information such as sexual proclivities may one day become public knowledge.

Hunt estimates that roughly 107,000 accounts from the Rosebutt Board have been breached.

Hunt explained that what happened to the Rosebutt Board is not an anomaly. Hunt told the BBC that the hack, “took advantage of a common vulnerability using an SQL injection.

SQL injections refer to when an attacker inserts structured query language (SQL) into a web form and send requests that allow the hacker to download an entire database.

What may be the most interesting aspect of this breach is that 37 percent of the accounts found in the Rosebutt breach were already listed on Hunt’s website as having been “pwned” in the past.

"This is a forum where you would think people would want to stay private, but people were using traceable emails or even corporate emails," Hunt said to the BBC.

He said that some government and military email addresses were leaked from the forum.