Continuing the trail of data breaches now joins the web hosting company Hostinger. As revealed by the firm itself, Hostinger suffered a security breach exposing one of its servers to an adversary. The company warned that the incident may have affected 14 million users.
Hostinger Warns Of Security Breach
According to a recent disclosure by the web hosting firm Hostinger, the company has faced a security breach. Some unauthorized attackers accessed the firm’s internal servers to reach customers’ information.
The company recently realized the breach through informational alerts that an adversary had accessed their servers. Explaining how it happened, the company stated in their notice,
This server contained an authorization token, which was used to obtain further access and escalate privileges to our system RESTful API Server. This API Server is used to query the details about our clients and their accounts.
The database contained non-financial information of the users, such as their usernames, first names, email addresses, IP addresses, and hashed passwords. In all, it had information of about 14 million customers. Thus, the company suspects the breached might have impacted all 14 million users.
However, they assure that the financial information of users remained safe during the incident.
Payments for Hostinger services are made through authorized and certified third-party payment providers. It means that we never store any payment card or other sensitive Client financial data on our servers and it has not been accessed or compromised.
The incident also did not affect the ‘data stored on accounts’ such as domains, websites, and hosted emails.
Customers To Reset Passwords
Although Hostinger explained that the breached affected hashed passwords only, they have still reset customers’ passwords. Furthermore, they have also informed customers of the incident via email notifications that also include password reset links.
In addition, as they continue with the investigations, they have set up a dedicated status page to keep everyone updated.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Microsoft Phishing Attack Bypasses Security By Creating Local Login Form - December 9, 2019
- The Spotify Phishing Attack That Tricks Users Through Fake Failed Payment Notices - December 9, 2019
- Serious Vulnerability Allows Hijacking of VPN Connections Across Many Linux Based Systems (Including Android and MacOS) - December 9, 2019