More than 13 million unencrypted passwords stolen

Oct 28, 2015 | News

We’re not sure how this happened in this day and age, when encrypting your customers’ data is so EASY, but it has.

000webhost has confirmed that the data of around 13.5 million users of its free web hosting service, owned by UK company Hostinger, was stolen in a massive data breach that occurred on its main server.

A report from Troy Hunt tells us that they were storing their users’ data in plain text, with no encryption whatsoever.

In a Facebook post, they stated that, in follow-up to this data breach, they “removed all illegally uploaded pages as soon as we became aware of the breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future. A thorough investigation to make sure the breach does not exist anymore is in progress.”

So now they have reset everyone’s password (a clear indication that the whole database was breached) and are encrypting their users’ data. We really are not sure why this wasn’t happening in the first place. It’s… just… really baffling to us.

According to a tip-off that Hunt received, this breach happened five months ago. He got tipped off because he runs the service Have I been pwned?, which “allows people to discover where their personal data has been compromised on the web,” but only after the news has hit the public airwaves, as with the Ashley Madison breach. In this case he made an exception due to the enormity of this breach and the fact that it was just… so stupid. Plain text passwords!? Seriously, who does that anymore?!

Reading Hunt’s report, you get a very clear idea of how difficult it was for him to even contact 000webhost and let them know about the massive security breach he’d been tipped off about. Even now, after notifying their customers, they have not replied to Hunt, six days after he became aware and told them of the breach!

The whole thing is seriously messy, and we’re glad that it’s been dealt with. Hopefully nothing untoward comes from this, but with the breached data selling for over $2,000 US, it’s clear that these users’ information will be used for commercial purposes.

A word to the wise:

Security is important, folks, and this is why free web hosting is dangerous: while the shiny price tag of nothing looks good, it can come at a very great cost. Don’t risk it; pay for your web hosting.
