If he had a copy of the database, why did he also need 000webhost to give him the same info to fill his database? Something smells fishy with this large database of compromised users from around the world. How much would a hacker make if they broke into HaveIBeenPwned?
Get James Bond in here: 13 million account passwords plundered from 000webhost
Hackers have made off with the names, email addresses, and unencrypted passwords of 13 million accounts at 000webhost, a free web hosting biz. If anyone hit by the raid has reused a 000webhost password on another website, now's the time to change it. Troy Hunt of HaveIBeenPwned fame said he has added the email addresses of …
COMMENTS
-
Wednesday 28th October 2015 23:15 GMT okubax
Have an account with them so not surprised to see my username pop up on the pwned website. So they reset all passwords with 'still' zero communication to their users about the breach.
They have this notice on the log-in page for members: "Important! Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed. Thank you for your understanding and please come back later."
Bastards.
-
Wednesday 28th October 2015 23:17 GMT Doctor Syntax
"We removed all illegally uploaded pages as soon as we became aware of the breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future. A thorough investigation to make sure the breach does not exist anymore is in progress."
Translation: we bolted the stable door.
-
Wednesday 28th October 2015 23:18 GMT Destroy All Monsters
Meanwhile, in Goldhacker's lair...
Agent BOND has been shibari-ed to a PLATFORM OF EXTERMINATION and is basically awaiting his fate.
GOLDHACKER: "Yes, Mr. Bond. All passwords downloaded via a simple exploit, rainbow-tabled and indexed. A trivial hack, enabled by third-rate coders. It's human nature, Mr. Bond. Inevitable."
BOND [STRAINING]: "I don't understand, Goldhacker! Do you expect me to believe this kind of thing will go on forever?"
GOLDHACKER: "No Mr. Bond. I don't expect you to understand. I expect you ... to die!"
[GOLDHACKER turns to leave but then whips around]
GOLDHACKER: "By the way. Nice password, Mr. Bond."
[GOLDHACKER shows BOND a printout with the clearly written text: "007"]
-
Thursday 29th October 2015 09:05 GMT Pascal Monett
Ah, PR disaster handling
Cyprus-headquartered 000webhost admitted: "A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information.
"We removed all illegally uploaded pages as soon as we became aware of the breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future. A thorough investigation to make sure the breach does not exist anymore is in progress."
What they actually said is that they made their website ages ago and never updated it, so they were thoroughly pwned. Now, they are pretending to do something to cover the issue.
The investigation is simple: an old PHP exploit should not be allowed to exist on an ISP's website. An ISP should be well aware of best practices and apply them rigorously.
-
Friday 30th October 2015 12:16 GMT The Infamous Grouse
I had a temporary account with these clowns about a year ago. Alarm bells began to ring when I saw the poor quality of their admin pages, then clanged almightily when I tried to delete the account. Despite trying every automatic option, and emailing "support", the login continued to work and the files I'd uploaded remained stubbornly present. In the end I deleted the folder structure file by file until only a skeleton remained before abandoning the account. Sure enough, that account is one of those leaked. Fortunately the password was random and unique, and even the email address was for a domain I no longer own.
I guess at the end of the day you get what you pay for. Cold comfort to those whose credentials have leaked, especially those people (unfortunately all too numerous) who use the same password in multiple places.
-
Monday 2nd November 2015 08:51 GMT 000webhost
A message from CEO Arnas Stuopelis about 000webhost data breach.
We have witnessed a database breach on our main server. A hacker used an exploit in an old PHP version of the website, gaining access to our systems and exposing more than 13.5 million of our customers' personal records. The stolen data includes usernames, passwords, email addresses, IP addresses and names.
We became aware of this issue on the 27th of October and since then our team started to troubleshoot and resolve this issue immediately. We are still working 24/7 in order to identify and eliminate all security flaws. Additionally, we are working on upgrading all of our systems. We will get back to providing the service to our users soon.
At 000webhost our top priority is to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the internet together. For millions of people our services are an opportunity to be present on the internet and learn more about technology.
At Hostinger and 000webhost we are committed to protecting user information and our systems. We are sorry and sincerely apologize that we didn't manage to live up to that. In an effort to protect our users we have temporarily blocked all access to systems affected by this security flaw. We will re-enable access to affected systems after an investigation and once all security issues have been resolved.
Our users' sites will stay online and will be fully functional during this investigation. We will fully cooperate with law enforcement authorities. At the same time our internal investigation has been started. We advise our customers to change their passwords and use different passwords for other services.
Our other services such as Hosting24 and Hostinger are not affected by this security flaw and are fully secure and operational.
Contact:
Arnas Stuopelis
CEO, Hostinger
press@hostinger.com