Anal fisting site breached: 100K passwords, usernames, email addresses and IPs extracted

Rosebuttboard.com is a forum for people whose sexual activities include inserting large items into their anuses; the site has been breached by a hacker, who now has details on over 100,000 of its users.


Security researcher Troy Hunt, who runs the Have I Been Pwned service, has verified the data and says that the data had been hashed using a deprecated, easily cracked MD5 algorithm, though the site's operator had taken the additional step of salting the hashes, making them harder to break. The site runs versions of Mysql and IP.board with known vulnerabilities, and that may have been how the data was extracted.


It is unclear however whether any of these vulnerabilities or others in IP.Board led to the Rosebuttboard.com user accounts being hacked (administrators of the site did not respond to a request for comment). But out-of-date software is arguably an indicator for how seriously a site takes security, and especially one that deals with as sensitive a subject as sexual desires and fetishes.


Another Day, Another Hack: Is Your Fisting Site Updating Its Forum Software?
[Joseph Cox/Motherboard]

(Image: George Hodan)