Hostinger Resets User Passwords After Data Breach
Web hosting provider Hostinger reset all customer passwords over the weekend after learning that an attacker had gained unauthorized access to one of its internal systems.
Hostinger, which was founded in 2004, has over 29 million users in 178 countries and is also an Internet domain name registrar. The breach, the company says, may have affected the information of almost half of its users.
On 23 August, the company received alerts about unauthorized access to an internal server containing an authorization token, which the attackers used to escalate privileges to the RESTful API server, which is used to query client and account information.
The company says it has already secured the compromised API and all related systems and quickly removed the unauthorized access.
“An unauthorized third party accessed the API database, which includes our client usernames, e-mails, hashed passwords, first names and IP addresses. The respective database table containing customer data has information about 14 million hosting users,” said the hosting provider.
Although customer passwords are hashed, the company decided to reset all passwords as a precaution. Hostinger says that it has notified all users of the password reset by email and has also contacted the authorities about the incident.
No payment card or other sensitive financial information has been compromised, as payments for Hostinger services are made through third parties.
Based on its internal investigation, the web hosting provider says that no client accounts or data stored on those accounts (websites, domains, hosted emails, etc.) were compromised during the incident.
“We remind our customers not to use the same passwords on a number of web-based service providers, and to have their password management tools generate strong, unique passwords,” the company said.
In addition, Hostinger advises users to be wary of unsolicited communications asking for login details or personal information. Users should not click on links or download attachments from suspicious emails.