Data leak affected 14 million customers of Hostinger service

One of the largest hosters in the world, Hostinger, reports that unknown attackers managed to gain access to the internal server and, possibly, customers’ information. Because of this incident, data leakage could have affected 14 million users.

According to company representatives, the incident took place on August 23, 2019. Having penetrated the server, the hacker found an authorization token there, thanks to which he managed to gain access to the RESTful API and information about 14 million clients, including username, email addresses, hashed passwords, names and IP addresses.

“The API database, which includes our Client usernames, emails, hashed passwords, first names and IP addresses have been accessed by an unauthorized third party. The respective database table that holds client data, has information about 14 million Hostinger users”, — report Hostinger specialists.

Currently, an investigation is on its way, but representatives of the hoster are already resetting passwords for affected accounts.

Read also: Neutrino Botnet Seizes Web Shells of Other Hackers

It is emphasized that the attackers did not get to the financial information and did not break user sites.

“Payments for Hostinger services are made through authorized and certified third-party payment providers. It means that we never store any payment card or other sensitive Client financial data on our servers and it has not been accessed or compromised”, — claim in Hostinger.

One of the Hostinger clients who were affected by the compromise contacted the company and asked what kind of hashing algorithm was used for passwords. Hostinger replied that the data was hashed using SHA-1, and now, after resetting the passwords, SHA-2 is used.

The exact number of victims of this incident is not yet known, since the attacker accessed the database through the API, and there were no records of exactly which calls he made. In fact, at present Hostinger experts act basing on worst-case scenario, that is, they assume that the compromise affected all users (although there is no direct evidence of this).