Web Hosting Service 000webhost Hacked, Information of 13 Million Leaked

Web hosting service 000webhost told customers that 13.5 million customer usernames, plaintext passwords, email addresses, IP addresses, and names were exposed in a breach.

Information on nearly 14 million users of 000webhost, a Lithuanian web hosting service, was spilled earlier this year when a hacker exploited an old version of the company’s website and gained access to the backend.

13.5 million customer usernames, plaintext passwords, email addresses, IP addresses, and names were exposed as part of the breach, according to a Facebook post from the company Thursday morning.

000webhost first disclosed the breach Wednesday morning in a preceding Facebook post but was hazy with details, claiming that at some point a hacker leveraged an exploit on an old PHP version of the company’s site and uploaded some files.

“Although the whole database has been compromised, we are mostly concerned about the leaked client information,” the company wrote, adding that since it discovered the issue it has reset user passwords, and it is cautioning any users who used the same password on another service to change it.

The company claims it has launched an investigation into the breach, but fails to give a timeline or mention whether it has involved law enforcement.

Paradoxically, 000webhost claims its customers’ sites will stay online during the ensuing investigation, but also says that it has temporarily disabled most of its systems while it sorts through issues.

“In an effort to protect our users we have temporarily blocked all access to systems affected by this security flaw. We will re-enable access to affected systems after an investigation and once all security issues have been resolved,” the post reads.

The company is stressing that sister companies Hosting24 and Hostinger, both of which appear to be based in Cyprus, are not affected by the breach.

Troy Hunt, Microsoft’s MVP for Developer Security, who also runs the site Have I Been Pwned?, learned of the breach late last week after a reader messaged him, and decided to do some research of his own into the hack.

After poking around the site a bit, Hunt discovered that the site was storing users’ passwords in plaintext and, by examining the leaked database, was also able to verify that the email addresses and corresponding information were legitimate.

While 000webhost says it discovered the issue on Tuesday, Hunt claims he tried to contact the company about the breach a week ago, on October 22. One person even contacted him and told him the database was likely dumped back in March, nearly seven months ago.


Discussion

  • 000webhost on

    We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version of the website gaining access to our systems, exposing more than 13.5 Million of our customers' personal records. The stolen data includes usernames, passwords, email addresses, IP addresses and names. We became aware of this issue on the 27th of October and since then our team started to troubleshoot and resolve this issue immediately. We are still working 24/7 in order to identify and eliminate all security flaws. Additionally, we are working on upgrading all of our systems. We will get back to providing the service to our users soon. At 000webhost our top priority is to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the internet together. For millions of people our services are an opportunity to be present on the internet and learn more about technology. At Hostinger and 000webhost we are committed to protect user information and our systems. We are sorry and sincerely apologize we didn't manage to live up to that. In an effort to protect our users we have temporarily blocked all access to systems affected by this security flaw. We will re-enable access to affected systems after an investigation and once all security issues have been resolved. Our user’s sites will stay online and will be fully functional during this investigation. We will fully cooperate with law enforcement authorities. At the same time our internal investigation has been started. We advise our customers to change their passwords and use different passwords for other services. Our other services such as Hosting24 and Hostinger are not affected by this security flaw and are fully secure and operational. Contact: Arnas Stuopelis CEO, Hostinger arnas@hostinger.com
