On Wednesday, free website hosting service
000webhost revealed that it had suffered a data
breach on its main server.
000webhost revealed that it had suffered a data
breach on its main server.
"We have witnessed a database breach on our
main server," said the company in a statement
on Facebook this week. "A hacker used an
exploit in old PHP version to upload some files,
main server," said the company in a statement
on Facebook this week. "A hacker used an
exploit in old PHP version to upload some files,
gaining access to our systems. Although the
whole database has been compromised, we are
mostly concerned about the leaked client
information ." Not only has the database been
compromised, but the information - including
usernames, passwords, email addresses, IP
addresses, and names - had been dumped
online. In a follow-up post, 000webhost said that
it "became aware of this issue on the 27th of
October and since then our team started to
troubleshoot and resolve this issue
immediately." It added, "In an effort to protect
our users, we have temporarily blocked all
access to systems affected by this security
flaw. We will re-enable access to affected
systems after an investigation and once all
security issues have been resolved. Our users'
sites will stay online and will be fully functional
during this investigation."
While 000webhost says that it was not aware of
the breach until this week, security researcher
Troy Hunt says that he was notified of the
infiltration, had sent a copy of the account
databases some time ago, and had been trying
to talk to the hosting service for days to alert
them of the hack. Hunt's contact claimed the
attack happened "approximately 5 months ago"
and that the data sent appeared to be
legitimate. There are currently 13,545,468
000webhost email addresses searchable in
Hunt's "Have I been pwned?" service, which
allows users to find out if their account has
been compromised.
the breach until this week, security researcher
Troy Hunt says that he was notified of the
infiltration, had sent a copy of the account
databases some time ago, and had been trying
to talk to the hosting service for days to alert
them of the hack. Hunt's contact claimed the
attack happened "approximately 5 months ago"
and that the data sent appeared to be
legitimate. There are currently 13,545,468
000webhost email addresses searchable in
Hunt's "Have I been pwned?" service, which
allows users to find out if their account has
been compromised.

No comments:
Post a Comment