In February-March 2019, a hacker (or a group of hackers), hiding under the pseudonym GnosticPlayers,…
“The API database, which includes our Client usernames, emails, hashed passwords, first names and IP addresses have been accessed by an unauthorized third party. The respective database table that holds client data, has information about 14 million Hostinger users”, — report Hostinger specialists.
Currently, an investigation is on its way, but representatives of the hoster are already resetting passwords for affected accounts.
Read also: Neutrino Botnet Seizes Web Shells of Other Hackers
It is emphasized that the attackers did not get to the financial information and did not break user sites.
“Payments for Hostinger services are made through authorized and certified third-party payment providers. It means that we never store any payment card or other sensitive Client financial data on our servers and it has not been accessed or compromised”, — claim in Hostinger.
One of the Hostinger clients who were affected by the compromise contacted the company and asked what kind of hashing algorithm was used for passwords. Hostinger replied that the data was hashed using SHA-1, and now, after resetting the passwords, SHA-2 is used.
The exact number of victims of this incident is not yet known, since the attacker accessed the database through the API, and there were no records of exactly which calls he made. In fact, at present Hostinger experts act basing on worst-case scenario, that is, they assume that the compromise affected all users (although there is no direct evidence of this).
Following the password reset, we urge our Clients to choose strong passwords that are not utilized on other websites. Clients should be cautious of any unsolicited communications that may ask for your login details, personal information or refer you to a website asking for the above-mentioned information. We also strongly suggest to avoid clicking on the links or downloading attachments from suspicious emails.
We remind our Clients not to use the same passwords on multiple service providers across the web and to generate strong unique passwords with password management tools.
Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…
Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…
Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…
Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…
News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…
Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…
View Comments
I think you wrote in a very good and stunning way.