More than 100,000 users of an online fetish forum have had their details stolen thanks to poor security on the website.
The site is called The Rosebutt Board, and let’s just say Coins2Day does not recommend you search for that term while at work.
The breach was reported by Troy Hunt, the proprietor of the useful “Have I Been Pwned” service that lets people find out—by entering their email addresses—if their account details were included in any nasty data thefts.
Get Data Sheet, Coins2Day ’s technology newsletter.
Hunt noted that some victims of this particular breach seem to have used their U.S. Governmental or military email addresses, or at least people signed up using those details.
And yes, there are also multiple.gov and.mil email addresses in the Rosebutt breach
— Troy Hunt (@troyhunt) May 10, 2016
All in all, the leaked data includes usernames, email addresses, IP addresses, and poorly-encrypted passwords for 107,303 accounts.
Hunt told Coins2Day that he was alerted to the leaked data’s existence by someone who had been trading in such information, who sent him a download link. Hunt then verified that the accounts listed in the breach did in fact exist on the site—something that’s easy to do because, as with the infamous Ashley Madison breach, entering an email address in the site’s password-reset tool instantly confirms whether the address is associated with an account.
For more on sensitive data breaches, watch:
“My feeling is [the data] is not too broadly circulated as of now,” Hunt said, explaining that it was important for people on the list to be aware that they have potentially been exposed.
“They need to change their passwords if they reuse them,” he said.