DaFont.com is probably the best known source of free fonts on the web – offering over 32,000 free fonts, some great and some examples of the worst font design ever committed. But ZDNet is reporting that earlier this month, a hacker gained access to its database and has stolen 699,464 user accounts – and has managed to crack over 98 percent of its passwords.
He downloaded the database, which also included all of the site’s forums – including private messages. The hacker supplied the database to ZDNet for verification, which they were able to do, and the the site Have I Been Pwned, which allows you to enter your email address and see if it’s in some of the hacked databases available on the web (mine appears in data stolen from Adobe, Dropbox and LinkedIn, apparently).
The hacker claims that others have also hacked the database, and are sharing it on the web – which is why he came forward. He says that it was relatively easy to access the site’s database using a 'union-based SQL injection vulnerability in the site's software’ and crack the hashed passwords, which had been encrypted using a deprecated MD5 algorithm.
The journalist who wrote the story says that he’s been attempting to contact the site’s owners – Rodolphe Milan and Nicolas Peton – but has been unable to do so.

Will the DaFont hack affect me


The hack will only affect you if you’ve registered an account on DaFont.com – which isn’t necessary to download fonts. Registering an account is required to comment on fonts or within the forum – or to upload fonts to the site. So font designers will be most affected by this.
If you have registered an account, there’s probably little to worry about unless you’ve said anything embarrassing in a private message – or you’ve used a username/email address and password combination that will also work on another site. If you have used that combo on other sites, go change them now.
If you're not sure if you've ever registered account, Have I Been Pwned will tell you if you're in the stolen database (and others too).