Hostinger, one of the fine web hosting platforms for average customers, has reported unauthorized access to one of its servers around midnight on 23rd August 2019. The company reported the incident on its blog and immediately sent password reset links to its millions of clients at their registered email addresses.
The breach explained:
On the night of the 23rd, one of Hostinger’s servers alerted its security team to unauthorized access by an unknown third party. This happened because that server offered an option to gain access via an authorization token, and after obtaining the token, the third party escalated privileges to the RESTful API server. This specific server is used for requesting customers’ details and answering queries about their accounts.
The compromised server, which stores the database of nearly 14 million of its customers, has been accessed by the third party. Hostinger said, “The API database, which includes our Client usernames, emails, hashed passwords, first names and IP addresses have been accessed by an unauthorized third party. The respective database table that holds client data, has information about 14 million Hostinger users.”
Though they were accessed, the passwords were hashed with the SHA-1 algorithm, which offers some protection but is easily crackable by skilled attackers. So, following this alert, Hostinger explained the issue and sent password reset links to its customers via email. New passwords set from now on will be protected with the SHA-2 algorithm.
(Hashing runs each password through a one-way mathematical function, so the stored value is hard to turn back into the original password.)
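The forced reset and hash upgrade described above can be sketched as follows. This is an added example, not Hostinger's code: the record formats, the function names, the iteration count and the choice of PBKDF2-HMAC-SHA256 as the SHA-2 based scheme are all assumptions, and the article does not say whether the exposed SHA-1 hashes were salted (the example assumes they were not).

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example, not from the article

def legacy_sha1(password: str) -> str:
    """Assumed legacy record: a single unsalted SHA-1 pass over the password."""
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()

def new_hash(password: str) -> str:
    """New record: per-user random salt plus iterated HMAC-SHA256 (PBKDF2)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Check a password against a new-style record; anything else fails."""
    scheme, _, rest = record.partition("$")
    if scheme != "pbkdf2_sha256":
        return False  # legacy or unknown schemes never authenticate
    try:
        iters, salt_hex, dk_hex = rest.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def login(store: dict, user: str, password: str) -> str:
    """Return 'ok', 'denied' or 'reset_required' for a login attempt."""
    record = store.get(user)
    if record is None:
        return "denied"
    if record.startswith("sha1$"):
        # The exposed hash is treated as compromised: even the correct old
        # password is refused until the user completes the e-mailed reset.
        return "reset_required"
    return "ok" if verify(password, record) else "denied"

def complete_reset(store: dict, user: str, new_password: str) -> None:
    """Replace the legacy record once the reset link has been used."""
    store[user] = new_hash(new_password)

if __name__ == "__main__":
    store = {"alice": legacy_sha1("old-password-constructed")}  # constructed data
    print(login(store, "alice", "old-password-constructed"))
    complete_reset(store, "alice", "new-passphrase-constructed")
    print(login(store, "alice", "new-passphrase-constructed"))
```

Two users with the same password get identical `sha1$` records but different `pbkdf2_sha256$` records, which is why one cracked legacy hash exposes every account sharing that password.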
What’s best is that the financial data hasn’t been touched. As all of Hostinger’s payments and financial transactions are carried out by third-party services, Hostinger itself doesn’t store any of the payment data its customers submit. So, that data is safe.
Checking the real-time status of the investigation:
Hostinger has even dedicated a page to tracking every step of its investigation, from server and data center checkups to stored data lookups.
You may visit this link to check it: https://statuspage.hostinger.com