Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday August 28 2019, @01:46PM   Printer-friendly
from the this-is-my-shocked-face dept.

Submitted via IRC for SoyCow4408

Hostinger Data Breach Affects Almost 14 Million Customers

Hosting provider Hostinger today[8/25 -ed] announced that it reset the login passwords of 14 million of its customers following a recent security breach that enabled unauthorized access to a client database.

The incident occurred on August 23 and a third party was able to access usernames, hashed passwords, emails, first names, and IP addresses.

Hostinger offered more details about the incident in a blog post today, saying that an unauthorized party accessed one of their servers and was then able to obtain further access to customer information.

This was possible because the server had an authorization token that allowed access and privilege escalation to a RESTful API used for queries about customers and their accounts, including phone numbers and home address or business address.

"The API database, which includes our Client usernames, emails, hashed passwords, first names and IP addresses have been accessed by an unauthorized third party. The respective database table that holds client data, has information about 14 million Hostinger users."

The password reset action is a precautionary measure and Hostinger clients received the notification and details on how to regain access to their account.

Financial data and websites have not been impacted in any way, the company says. Payment for Hostinger services is done through a third-party provider and an internal investigation found that data regarding websites, domains, hosted emails "remained untouched and unaffected."

[...] One security feature that Hostinger plans to add in the near future is support for two-factor authentication (2FA). This would ensure that the username and password alone are not enough to gain access to an account.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday August 28 2019, @05:13PM

    by Anonymous Coward on Wednesday August 28 2019, @05:13PM (#886888)

    First was 000webhost, bought by hostinger after the first massive data leak, including cleartext passwords.
    Now again with hostinger another one.
    How many clients are still there for the third?