In a data breach, Hostinger, a popular web hosting provider, was hit by attackers who gained unauthorized access to its servers, hashed passwords and non-financial data of a large number of its customers. As a precautionary measure, the company reset passwords for all its customers. On 23rd August 2019, the hackers found an authorization token on one of the company's servers and, without needing any username or password, used it to get access to an internal system API. Hostinger contacted the respective authorities for an investigation immediately after the breach was discovered, and access to the system was restricted so that it was no longer available for further attacks.
Hostinger received alerts on 23rd August 2019 that an unauthorized third party had accessed one of its servers. Further access to this server was restricted by an authorization token, as the server held all the details about its clients and their accounts. The hackers had access to a database containing emails, usernames, first names, hashed passwords and IP addresses for almost 14 million customers. The passwords were easier for attackers to crack because the company used the weak SHA-1 hashing algorithm to scramble them. Of Hostinger's more than 29 million users, the breach affected half. The company later reset all Hostinger Client login passwords with the stronger SHA-2 algorithm, and password recovery emails were sent to the affected customers.
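The difference between a single unsalted SHA-1 pass and a salted, iterated SHA-2 construction, shown as an added Python example that is not Hostinger's code. The record formats, the `ITERATIONS` value and the function names are assumptions, and the page does not say whether Hostinger's SHA-1 hashes were salted.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor, not from the page; tune per hardware

def legacy_sha1(password):
    """Legacy record: one fast, unsalted SHA-1 pass (assumed legacy format)."""
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()

def pbkdf2_sha256(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated SHA-2 record: scheme$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password, stored):
    """Recompute under the record's own scheme; compare in constant time."""
    parts = stored.split("$")
    try:
        if parts[0] == "sha1" and len(parts) == 2:
            candidate = legacy_sha1(password)
        elif parts[0] == "pbkdf2_sha256" and len(parts) == 4:
            candidate = pbkdf2_sha256(password, bytes.fromhex(parts[2]), int(parts[1]))
        else:
            return False
    except ValueError:  # malformed salt or iteration count
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())

def login(password, stored):
    """Return (ok, record). A legacy record is upgraded on successful login."""
    ok = verify(password, stored)
    if ok and stored.startswith("sha1$"):
        stored = pbkdf2_sha256(password)
    return ok, stored

if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    a, b = legacy_sha1("correct horse"), legacy_sha1("correct horse")
    print("legacy records identical:", a == b)
    ok, upgraded = login("correct horse", a)
    print("login ok:", ok, "->", upgraded.split("$")[0])
    print("upgraded records differ:", upgraded != pbkdf2_sha256("correct horse"))
```

Identical passwords produce identical legacy records, while each upgraded record carries its own salt and costs `ITERATIONS` hash computations per guess.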
The company is planning to introduce two-factor authentication (2FA) for its customers' accounts in the near future. Customers are reassured that no financial data was breached, as sensitive financial data is never saved on its servers and a third party handles payments for the services it provides.
Further assurance came after a thorough internal investigation: client accounts and the related data, including hosted emails, domains and websites, were untouched and unaffected. The investigation, by a team of internal and external forensics experts and data scientists, is still going on to find the origin of the data breach and to increase security measures across the company's entire operations. Along with the password reset, customers have been asked to set unique and strong passwords for their Hostinger accounts. Users also must not respond to suspicious emails that ask them to download attachments, click on links, or provide personal information.
Any customer who wishes to have their details deleted from Hostinger servers under GDPR rules may contact [email protected].
NFINITY8, a marketing agency in Dubai, provides web hosting services to help you achieve your website goals. Unlike normal web hosting, we use clustered servers, RAID-enabled SSD storage, high-level buffered memory and CPUs 10x faster than normal web hosting CPUs. Do contact us if you would like more information on our web hosting services.
Hope you liked the blog, don’t forget to share your comments.