View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 27, 2019

Hostinger Hacked: Details of 14 Million Customers Stolen

"We are taking this extremely seriously"

By CBR Staff Writer

Web hosting firm Hostinger says almost half of its customer’s passwords and personal data has been leaked online after one of its servers was hacked.

Hostinger provides virtual, cloud and private server hosting, alongside domain registration to over 29 million users.

The company first discovered the intrusion into its network on August 23, when security was alerted that a server had been accessed by an unauthorised third party. The breached server held an authorization token which the hackers then used to escalate their privileges into Hostinger RESTful API Server.

Lithuania-based Hostinger said: “The API database, which includes our client usernames, emails, hashed passwords, first names and IP addresses have been accessed by an unauthorized third party. The respective database table that holds client data, has information about 14 million Hostinger users.”

Hostinger Hack Under Investigation

Hostinger said it has triggered a password reset for its users as a precautionary measure, as the data accessed on the server contained only hash encrypted passwords secured using the SHA-1 algorithm, which is not among the most robust.

While its investigation is still in a nascent stage the firm says they have assembled a team of internal and external forensics experts and data scientists who have pinpointed the origin of the attack. They also note that they have contacted law enforcement and have restricted the vulnerable system so it can be purged of any unauthorized access.

The company has also updated encryption to SHA-256 it told Threatpost.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Hostinger is reassuring its customers that none of their financial details were accessed during the breach as: “Payments for Hostinger services are made through authorized and certified third-party payment providers. It means that we never store any payment card or other sensitive Client financial data on our servers and it has not been accessed or compromised.”

As usual with these frequent server breaches the firm is warning its clients not to use the same password across multiple websites or logins.

See Also: 5 Questions with… Okta’s CPO Diya Jolly

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU