Hostinger Resets User Passwords after data breach

Hostinger Resets User Passwords after data breach

Hostinger web hosting provider resets all customer passwords during the weekend, after learning that an attacker has unauthorized access to one of their internal systems.

Hostinger, which was founded in 2004, has over 29 million users in 178 countries and is also an Internet domain name registrar. The breach, the company says, may have affected almost half of its users ‘ information.

On 23 August, the company received alerts about unauthorized access to an internal server containing an authorizing token, which was applied by attackers to scale privileges to the RESTful API server system to query client and account information.

The compromised API and all related systems have already been secured with quick removal of unauthorized access, the company says.

“An unauthorized third party accessed the API database which includes our Client username, e-mails, hashed passwords, first names and IP addresses. The respective database table containing customer data has information about 14 million hosting users, “said the hosting provider.

While customer passwords are hashed, the company has decided to reset all passwords as a safeguard practice. Hostinger says that it has notified all users of the reset password via email and has also contacted the authorities in this regard.

No payment card or other sensitive financial information has been jeopardized, as payments are made by third-parties to Hostinger services.

In its internal investigation, the Web hosting provider says that during the incident, no client accounts or data stored on those accounts (websites, domains, host emails, etc.) were compromised.

“We remind our customers that they do not use the same passwords on a number of web-based service providers, and that their password management tools generate strong, unique passwords,” he said.

In addition, Hostinger advises users to be careful of unsolicited communications asking for login information or personal information. You should not click on the links or download attachments from suspicious emails.

Also Read,

Capital One Lost 14-Years Worth Of Customer Information In A Data Breach

36TB Data Breach: The Culprit, Lenovo’s Obsolete Iomega NAS

Sprint Data Breach Due To Samsung.com Bug Revealed

Julia Sowells960 Posts

Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.

0 Comments

Leave a Comment

Login

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password
Register