Thursday, October 29, 2015

000WebHost Hacked - 13 Million credentials leaked.


The number of websites launched on the Internet is growing at a high pace, and many of them are hosted with one of the many service providers available. Recently there was a breach that leaked around 13 million credentials.

Many hosting services are paid and some are free. With a hosting service you buy a domain and host your website on the provider's servers. One such free hosting site is #000WebHost.

Millions of users have registered there and many websites are hosted on its servers. The credentials of those users must be secured with strong encryption to avoid any breach.

A few days earlier there was news that a hacker broke into the server using an exploit in old PHP code and obtained the whole database of credentials. The database has since been circulated on underground forums.

Hunt, a security researcher from Australia, also obtained the database through an anonymous source; once it proved to be genuine he alerted the hosting service 000WebHost, and Forbes also published an article about the hack at 000WebHost.

#000WebHost simply ignored the warnings; only afterwards did they notice that the server had been hacked and the whole database compromised through the exploit.

The striking fact is that all the passwords and email IDs were kept in plain text without any encryption. 000WebHost personnel then reset the passwords of the 13 million users, put encryption in place, and removed all the malicious uploads.

Encryption is the most basic security mechanism; failing to apply it costs a lot, in this case the passwords and emails of 13 million users. Users are asked to follow the reset procedure for their account and not to reuse the old password on any other account, since it has been circulated in many places.
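To make the point of the last two paragraphs concrete, here is an added example (not code from the post or from 000WebHost) contrasting a plain-text credential table, which a database dump exposes directly, with one that keeps only a salted, slow password hash, which is the protection the post calls encryption in practice. It also shows the incident-response step the post describes: invalidating every stored credential and forcing a reset with one-time tokens. The table layout, function names, and iteration count are assumptions made for the example; the sample accounts are constructed.

```python
import hashlib
import hmac
import os
import secrets

# Illustrative PBKDF2 work factor (assumption); raise it as hardware allows.
PBKDF2_ITERATIONS = 600_000


def store_plaintext(db, email, password):
    """The weak design: the password itself is written to the table."""
    db[email] = {"password": password}


def store_hashed(db, email, password):
    """The hardened design: a per-user random salt plus a slow hash.
    A dump of this table gives an attacker nothing directly usable."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    db[email] = {
        "salt": salt,
        "hash": digest,
        "iterations": PBKDF2_ITERATIONS,
        "must_reset": False,
    }


def verify_hashed(db, email, password):
    """Recompute the hash with the stored salt and compare in constant time.
    Accounts flagged for reset are refused until the reset is completed."""
    rec = db.get(email)
    if rec is None or rec.get("must_reset"):
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], rec["iterations"])
    return hmac.compare_digest(digest, rec["hash"])


def force_reset(db):
    """Incident-response step: flag every account so the leaked passwords
    stop working, and issue a one-time reset token per account."""
    tokens = {}
    for email, rec in db.items():
        rec["must_reset"] = True
        tokens[email] = secrets.token_urlsafe(32)
    return tokens


def complete_reset(db, email, token, tokens, new_password):
    """Redeem a reset token; on success the account gets a fresh salted hash."""
    if not hmac.compare_digest(tokens.get(email, ""), token):
        return False
    store_hashed(db, email, new_password)
    del tokens[email]
    return True


def leaked_passwords(db):
    """What an attacker reads straight out of a dump of the table."""
    return {email: rec["password"] for email, rec in db.items() if "password" in rec}


if __name__ == "__main__":
    weak, strong = {}, {}
    # Constructed sample accounts for the demonstration.
    store_plaintext(weak, "alice@example.com", "correct horse")
    store_hashed(strong, "alice@example.com", "correct horse")
    print("plain-text dump exposes:", leaked_passwords(weak))   # the password itself
    print("hashed dump exposes:", leaked_passwords(strong))     # nothing
    tokens = force_reset(strong)
    print("old password still works after reset?", verify_hashed(strong, "alice@example.com", "correct horse"))
    complete_reset(strong, "alice@example.com", tokens["alice@example.com"], tokens, "battery staple")
    print("new password works?", verify_hashed(strong, "alice@example.com", "battery staple"))
```

The `must_reset` flag is what makes the advice in the post enforceable on the server side: once the table has leaked, the old hashes are treated as burned regardless of whether the user has acted yet, and only a token delivered out of band lets the account back in.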

P.S.: The post is to create awareness and not to create any negative impact.

1 comment:

  1. A message from CEO Arnas Stuopelis about 000webhost data breach.
    We have witnessed a database breach on our main server. A hacker used an exploit in an old PHP version of the website, gaining access to our systems and exposing more than 13.5 million of our customers' personal records. The stolen data includes usernames, passwords, email addresses, IP addresses and names.
    We became aware of this issue on the 27th of October, and since then our team has been working to troubleshoot and resolve it immediately. We are still working 24/7 in order to identify and eliminate all security flaws. Additionally, we are working on upgrading all of our systems. We will get back to providing the service to our users soon.
    At 000webhost our top priority is to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the internet together. For millions of people our services are an opportunity to be present on the internet and learn more about technology.
    At Hostinger and 000webhost we are committed to protecting user information and our systems. We are sorry and sincerely apologize that we didn't manage to live up to that. In an effort to protect our users we have temporarily blocked all access to systems affected by this security flaw. We will re-enable access to affected systems after an investigation and once all security issues have been resolved.
    Our users' sites will stay online and will be fully functional during this investigation. We will fully cooperate with law enforcement authorities. At the same time our internal investigation has been started. We advise our customers to change their passwords and use different passwords for other services.
    Our other services such as Hosting24 and Hostinger are not affected by this security flaw and are fully secure and operational.
    Contact:
    Arnas Stuopelis
    CEO, Hostinger
    press@hostinger.com
