Posted on August 27, 2019 at 7:26 AM
Hacking activity forced the famous web hosting providing company Hostinger to reset passwords of more than 14 million users worldwide. They were changed, according to reports, to a random characters sequence as a preventive measure after user and company data were compromised by cybercriminals.
The web hosting service is in the process of managing the situation and has already sent emails to the affected customers with the necessary steps to recover and restore their passwords.
Hostinger published a blog post with details of the situation. According to the company, the data breach occurred last Thursday, as the firm got an email message saying that an unknown, unauthorized agent had gained access to one of Hostinger’s servers.
Access to an Authorization Token on One Server
To be more specific, the cybercriminals managed to obtain access to an authorization token on one of the company’s servers. Said token can be implemented as a tool to make API requests without the need for login credentials. Using this method granted the hackers an incredibly large database, including Hostinger’s internal systems and customer data of roughly 14 million users.
Critical details could be exposed, among them: names, IP addresses (location,) email addresses, phone numbers, Hostinger usernames, and hashed passwords, according to information via Catalin Cimpanu (@campuscodi) on Twitter.
Clients are worried that their identities, names, usernames, emails, IP addresses, and passwords can be exposed. However, shortly after the data breach occurred, Hostinger moved quickly to remove the access and also secured the API and every other related element.
However, the company performed an internal investigation on the matter and arrived at the conclusion that people’s accounts and data stored on them, such as websites, domains, hosted emails, and more weren’t affected by the attack.
Per the blog post, Hostinger is performing a thorough investigation of the events with forensic specialists and data scientists, not to mention the help of authorities. As an additional security measure, the firm recommends users to be wary of unauthorized or suspicious email messages and other potentially harmful links. Users need to ignore any attempt to provide login credentials.
Financial Logs Were Unaffected
For those clients worrying about any possible effects on their financial logs after the data breach, Hostinger said that they could rest easy, knowing that they weren’t affected by the attack.
The CEO of Hostinger Balys Kriksciunas, quoted by ZDNet, expressed that they haven’t unveiled any crafted calls to take customer information, but that they are taking the worst-case scenario. The executive also stated that they couldn’t tell the exact number of affected customers since the breach was so big. That said, the number can keep growing in the coming days.
While the incident reportedly took place on Thursday, it was discovered a day later. Hostinger published a status page in which clients could track updates about the data breach just as they occurred.
According to the company, the breached server and API have already been taken down as a precaution.
Kriksciunas observed that the company had to make quick and potentially painful decisions, given the size and nature of the attack. That is why they decided to reset the passwords for all clients that could be entered through the API server perimeter.
An investigation is Still Ongoing
The executive declined to offer more details about the situation, claiming that it still was an ongoing investigation. He said that the company was analyzing network traffic logs and logs from relevant systems that may point out to any downloaded data.
An important piece of information needs to be considered: at the moment, Hostinger doesn’t have two-factor authentication among its offerings, which is noteworthy because it has been proved time and time again that it is an efficient security measure.
Nevertheless, the web hosting services firm has recently stated that including 2FA is among its plans for the future. After last week’s events, they are surely trying to accelerate its implementation.