Web host Hostinger has suffered a data breach the company says may affect 14 million customers. On August 23rd the company detected unauthorized access to a database containing millions of its customer’s information. The company said it has reset user passwords as a “precautionary measure”.
In a blog post, Hostinger said they received an alert that one of its servers was accessed by an unauthorized third party. saying “This server contained an authorization token, which was used to obtain further access and escalate privileges to our system RESTful API Server” This allowed the hacker to gain access to the company’s systems, including a database containing customer usernames, email addresses, and passwords.
The data was encrypted with the SHA-1 algorithm, which has been largely dropped for stronger algorithms since researchers found SHA-1 to be vulnerable to spoofing. Hostinger says they have since upgraded their hashing for password and other sensitive data to the stronger SHA-2 algorithm. The kind response that you would expect to see from a company who was aware they had exposed a large amount of users data, Moviepass take note.
Hostinger has more than 29 million customers and said the compromised database stored around 14 million customers records. Hostinger says they are in contact with the “respective authorities”.
Hostinger maintains financial data was not compromised. However, an internal investigation into the breach is underway. If you wish to delete your personal data from Hostinger the company says you can contact gdpr@hostinger.com.
Header Image by Elaine_Smith
I go by Bill Wishbone, not the cool one who played for the 49ers. In the interest of full disclosure, I write under a nom de plume. With that said, this my ethics statement. I will not cover any company I have been employed by within the last two years.
As this news site grows, monetization may well include, sponsored posts or affiliate links, these will always be disclosed within the individual post.
Comments are closed, but trackbacks and pingbacks are open.