Huge embarrassment over fisting site data breach

A data breach at a forum for "anal fisting" has resulted in the exposure of 107,000 accounts.

More than a third (37 per cent) of those affected by the Rosebutt Board were already included in the Have I Been Pwned? site, according to security researcher Troy Hunt. Victims will be able to use Have I Been Pwned? to check whether their data has been exposed once Hunt uploads the leaked data.

Info exposed includes usernames, email addresses, IP addresses, and weakly hashed passwords, Vice reports. Info uploaded to Have I Been Pwned? will be flagged as "sensitive" and not publicly searchable.

The Rosebutt Board caters to enthusiasts of “extreme anal dilation and anal fisting”, many of whom have been placed at risk of public humiliation or blackmail as a result of their sexual proclivities. Multiple .gov and .mil email addresses in the Rosebutt breach, Hunt reports.

Rosebutt Board was running on version 3.4.6 of IP.Board, out-of-date software with known security vulnerabilities. ®