Hostinger resets passwords following security breach

Graham Cluley

Web hosting firm Hostinger has reset the passwords of all of its customers after it discovered hackers had breached its systems and accessed a database containing millions of records.

In a blog post, Hostinger’s Chief Marketing Officer Daugirdas Jankus explained that “an unauthorized third party has gained access to our internal system API, one of which had access to hashed passwords and other non-financial data about our customers.”

The breach, which is said to have occurred on August 23rd, has put the records of up to 14 million Hostinger users at risk.

Data exposed in the security breach includes clients’ usernames, email addresses, hashed passwords, first names, and IP addresses.

Hostinger has reassured customers that their financial details have not been accessed, as payments are handled by third-party providers and such data isn’t stored on the company’s systems. Furthermore, the firm says that after a “thorough internal investigation” it determined that Hostinger clients’ “accounts and data stored on those accounts (websites, domains, hosted emails, etc.) remained untouched and unaffected.”

The company says that whoever hacked its systems managed to gain access to an internal server and used an internal API token to query its customer database.

So, Hostinger customers are now being treated to a mandatory password reset. Of course, it’s important not just to change your Hostinger password, but also to make sure that it is unique (in other words, not one that you’re using anywhere else) and that it cannot be easily guessed or cracked.

Affected customers should also be wary of unsolicited communications claiming to come from Hostinger, which might be attempts to phish for login credentials.

It’s worth pointing out that Hostinger does not currently offer its customers two-factor authentication as an additional layer of security. However, it says it is “planning to provide 2FA in the near future.” My guess is that that particular feature just jumped a little up the priority list.

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s, when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.


