Web host Hostinger has suffered a data breach the company says may affect 14 million customers. On August 23rd the company detected unauthorized access to a database containing millions of its customer’s information. The company said it has reset user passwords as a “precautionary measure”.
In a blog post, Hostinger said they received an alert that one of its servers was accessed by an unauthorized third party. saying “This server contained an authorization token, which was used to obtain further access and escalate privileges to our system RESTful API Server” This allowed the hacker to gain access to the company’s systems, including a database containing customer usernames, email addresses, and passwords.
The data was encrypted with the SHA-1 algorithm, which has been largely dropped for stronger algorithms since researchers found SHA-1 to be vulnerable to spoofing. Hostinger says they have since upgraded their hashing for password and other sensitive data to the stronger SHA-2 algorithm. The kind response that you would expect to see from a company who was aware they had exposed a large amount of users data, Moviepass take note.
Hostinger has more than 29 million customers and said the compromised database stored around 14 million customers records. Hostinger says they are in contact with the “respective authorities”.
Hostinger maintains financial data was not compromised. However, an internal investigation into the breach is underway. If you wish to delete your personal data from Hostinger the company says you can contact firstname.lastname@example.org.
Header Image by Elaine_Smith