Stories
Slash Boxes
Comments

SoylentNews is people

Hostinger Data Breach Affects Almost 14 Million Customers

posted by Fnord666 on Wednesday August 28 2019, @01:46PM   Printer-friendly
from the this-is-my-shocked-face dept.

upstart writes:

Submitted via IRC for SoyCow4408

Hostinger Data Breach Affects Almost 14 Million Customers

Hosting provider Hostinger today[8/25 -ed] announced that it reset the login passwords of 14 million of its customers following a recent security breach that enabled unauthorized access to a client database.

The incident occurred on August 23 and a third party was able to access usernames, hashed passwords, emails, first names, and IP addresses.

Hostinger offered more details about the incident in a blog post today, saying that an unauthorized party accessed one of their servers and was then able to obtain further access to customer information.

This was possible because the server had an authorization token that allowed access and privilege escalation to a RESTful API used for queries about customers and their accounts, including phone numbers and home address or business address.

"The API database, which includes our Client usernames, emails, hashed passwords, first names and IP addresses have been accessed by an unauthorized third party. The respective database table that holds client data, has information about 14 million Hostinger users."

The password reset action is a precautionary measure and Hostinger clients received the notification and details on how to regain access to their account.

Financial data and websites have not been impacted in any way, the company says. Payment for Hostinger services is done through a third-party provider and an internal investigation found that data regarding websites, domains, hosted emails "remained untouched and unaffected."

[...] One security feature that Hostinger plans to add in the near future is support for two-factor authentication (2FA). This would ensure that the username and password alone are not enough to gain access to an account.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Hostinger Data Breach Affects Almost 14 Million Customers | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Funny) by JoeMerchant on Wednesday August 28 2019, @04:05PM (2 children)

    by JoeMerchant (3937) on Wednesday August 28 2019, @04:05PM (#886857)

    Still wrapping my head around the idea that 14M people would sign up and even pay for a service named Ho-stinger.

    --
    🌻🌻 [google.com]
    Starting Score:    1  point
    Moderation   +1  
       Funny=1, Total=1
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by VLM on Friday August 30 2019, @02:13PM (1 child)

    by VLM (445) on Friday August 30 2019, @02:13PM (#887749)

    Old timers remember expertsexchange.com which seems to have rebranded in the last couple decades now with a strategically located hyphen. I miss the old name. The site, as I possibly incorrectly recall, grubbed for money too much.

    A bit of google and a stackexchange article finds powergenitalia.com for your italian electrical needs, therapistfinder.com to find therapists, whorepresents.com something to do with linking actors and hollywood agents.

    I wonder if this post will make it thru spam filters and stuff.

    • (Score: 2) by VLM on Friday August 30 2019, @02:14PM

      by VLM (445) on Friday August 30 2019, @02:14PM (#887750)

      I wonder if this post will make it thru spam filters and stuff.

      I guess that worked. Although given the number of rickrolls and 2g1c style shock links I've seen in the distant past I shouldn't be too surprised.