Hostinger Warns Security Breach Might Have Affected 14 Million Customers

Continuing the trail of data breaches now joins the web hosting company Hostinger. As revealed by the firm itself, Hostinger suffered a security breach exposing one of its servers to an adversary. The company warned that the incident may have affected 14 million users.

Hostinger Warns Of Security Breach

According to a recent disclosure by the web hosting firm Hostinger, the company has faced a security breach. Some unauthorized attackers accessed the firm’s internal servers to reach customers’ information.

The company recently realized the breach through informational alerts that an adversary had accessed their servers. Explaining how it happened, the company stated in their notice,

This server contained an authorization token, which was used to obtain further access and escalate privileges to our system RESTful API Server. This API Server is used to query the details about our clients and their accounts.

The database contained non-financial information of the users, such as their usernames, first names, email addresses, IP addresses, and hashed passwords. In all, it had information of about 14 million customers. Thus, the company suspects the breached might have impacted all 14 million users.

However, they assure that the financial information of users remained safe during the incident.

Payments for Hostinger services are made through authorized and certified third-party payment providers. It means that we never store any payment card or other sensitive Client financial data on our servers and it has not been accessed or compromised.

The incident also did not affect the ‘data stored on accounts’ such as domains, websites, and hosted emails.

Customers To Reset Passwords

Although Hostinger explained that the breached affected hashed passwords only, they have still reset customers’ passwords. Furthermore, they have also informed customers of the incident via email notifications that also include password reset links.

In addition, as they continue with the investigations, they have set up a dedicated status page to keep everyone updated.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients