The breach was discovered by the founder of Have I Been Pwned, Troy Hunt. Hunt said that he was informed about the data breach by somebody who is involved in the trading of such information and the person then provided him with a download link for the data. Hunt verified the data by using the password reset function of the affected website. Whilst talking to the BBC, Troy explained that the forum was exploited by an SQL injection vulnerability, as the site was using an outdated piece of software. The forum was used by hardcore smut lovers who would wish to remain anonymous. The breach makes matters worse because many of the leaked email addresses are appearing as .gov or .mil, as Troy pointed out in a tweet:
— Troy Hunt (@troyhunt) May 10, 2016 “This is a forum where you would think people would want to stay private, but people were using traceable emails or even corporate emails,” Hunt told the BBC. He advised people who wanted to visit such sites to consider taking steps to remain anonymous. “Create an email account and make up a name and use something like the Tor browser so the IP address can’t be traced back to you,” he added.
