Web hosting company Hostinger was hit with a data breach. It is possible that 14 million customers have been affected.
It is one of the last things a web host would want to go through. Unfortunately, Hostinger is going through it anyway. The web host detected a data breach. That breach affected a database of 14 million customers. As a precautionary measure, the web host has reset all of the potentially affected customers passwords. From TechCrunch:
The breach is said to have happened on Thursday. The company said in a blog post it received an alert that one of its servers was improperly accessed. Using an access token found on the server, which can give access to systems without needing a username or a password, the hacker gained further access to the company’s systems, including an API database. That database contained customer usernames, email addresses and passwords scrambled with the SHA-1 algorithm, which has been deprecated in favor of stronger algorithms after researchers found SHA-1 was vulnerable to spoofing. The company has since upgraded its password hashing to the stronger SHA-2 algorithm.
Hostinger said the API database stored about 14 million customers’ records. The company has more than 29 million customers on its books.
The company said it was “in contact with the respective authorities.”
One important and relieving aspect might be this, though:
The company said that financial data was not compromised, nor were customer website files or data affected.
August has been a pretty active month for security incidences. Earlier this month the LAPD suffered a data breach which saw thousands of officers and applicants exposed. More recently, Suprema through Biostar 2 suffered a data leak. That leak saw 27.8 million records exposed. After that, porn sharing site Lucious suffered a data leak. 1.2 million accounts were exposed. It’s more than possible that this month is far from over on this front as well.
Drew Wilson on Twitter: @icecube85 and Facebook.
