Hostinger got breached
Welp, I got this email today from Hostinger (had a shared plan with them a few years back), and it seems they were breached. Apparently they don't know if the data was actually stolen or not, but it included info such as names, addresses, emails, IPs, phone numbers, (hashed) passwords, etc. Really nice email to get on a Sunday morning telling me that my name, address, and other info is possibly leaked...
Their blog post: https://hostinger.com/blog/security-incident-what-you-need-to-know/
TechCrunch Article: https://techcrunch.com/2019/08/25/web-host-hostinger-data-breach/
(Parts of) the email:
Comments
Don't worry about it Facebook already leaked all that info anyway.
In the future, you could try requesting a GDPR-conformant removal of your data from hosts you don't use anymore.
Except for the fact that I live in the US
Sad :S
If they respect GDPR it doesn't matter where you are from. If the company is present in the EU they are obligated to follow GDPR (Hostinger is).
Why? If it has been breached, your data has been leaked to a 3rd party already, it's gone. You can remove it from the source but not the copies that have already been made.
Even if they remove your data, for financial reasons, they sometimes need to keep your records for up to 10 years.
As soon as you entered your data, you were already locked in.
I was referring to the future. If you still had an acc with a host that has not yet been breached but you don't plan to have business with him anymore either. True about the legal aspect though.
Of course, terminating old accounts is always a good idea.
@Guinea wait some time and check if your data appears here: haveibeenpwned.com
https://techcrunch.com/2019/08/25/web-host-hostinger-data-breach/
I already changed my password, and we will see if our details appear on haveibeenpwned or on Mozilla's similar service: https://monitor.firefox.com
Firefox gets all their data from Have I Been Pwned.
It's Hostinger, assume at least one breach per quarter. Someone probably pressed the wrong button that resulted in them telling customers this time.
Pretty sure they make most of their money by selling personal data rather than hosting.
Isn't this formerly known as 000webhost?
@randvegeta you know it's not true. Can happen to anyone - it's an unfortunate situation and I would never wish that on anyone.
What, that they sell personal data? Lol, it certainly is true.
000webhost is one of their brands.
It's only a matter of time until it all gets posted onto some dump site. Let's hope it's not MD5 hash lol.
Hashcat breaks an 8 chars full coverage (a-zA-Z0-9!-=) password in 26 days on a single 1080 Nvidia GPU. And this does not only include MD5 but SHA256 too.
TL;DR you're fucked if you used 8 digits or less no matter what symbols they were.
If we assume, the attacker or someone who downloads the dump has something like this or something even better:
https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40
It won't even take a week before the passwords are everywhere.
000webhost is a Hostinger brand which is extensively used for spamming, abuse, and moreover hosting phishing sites. Just check Phishtank and you can find 000s of sub-domains hosted on 000webhost marked for active phishing.
Regarding Hostinger (paid plans), does anyone on LEB use it for money-sites? If yes, how's the performance?
After 000webhost fiasco they probably adopted argon2 or aes256 encryption.
According to different news posts, Hostinger used SHA-1: https://www.google.com/search?q=hostinger+SHA-1&oq=hostinger
Pathetic.
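The comments above contrast fast digests (MD5, SHA-1, SHA256) with a slow scheme such as argon2. As an added example, not part of any poster's comment and not Hostinger's code, this Python shows an unsalted SHA-1 record next to a salted, memory-hard one, with legacy records upgraded on the next successful login. It uses scrypt from the standard library in place of argon2; the record format, function names and cost parameters are assumptions.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (about 16 MiB of memory per hash); tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def legacy_sha1(password):
    """Fast, unsalted digest: identical passwords give identical records."""
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()


def scrypt_hash(password, salt=b""):
    """Salted, memory-hard record in the form scrypt$<salt hex>$<key hex>."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify(password, record):
    """Check a login and return (ok, record_to_store).

    A correct login against a legacy SHA-1 record returns a fresh scrypt
    record, so the weak hash is replaced at the first opportunity.
    """
    scheme, _, rest = record.partition("$")
    if scheme == "sha1":
        ok = hmac.compare_digest(legacy_sha1(password), record)
        return ok, (scrypt_hash(password) if ok else record)
    if scheme == "scrypt":
        salt_hex = rest.partition("$")[0]
        expected = scrypt_hash(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(expected, record), record
    return False, record  # unknown scheme: reject, leave the record untouched


if __name__ == "__main__":
    # Constructed sample accounts that share one password.
    db = {"alice": legacy_sha1("hunter2!"), "bob": legacy_sha1("hunter2!")}
    print("legacy records identical:", db["alice"] == db["bob"])
    ok, db["alice"] = verify("hunter2!", db["alice"])
    print("login ok:", ok, "| now stored as:", db["alice"].split("$")[0])
```

Upgrade-on-login only covers accounts that sign in again; records for dormant accounts stay in the legacy form until the password is reset.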
Old habits die hard I guess. Hostinger is known for shady shit throughout the industry such as this guy or all this shit.
Serves them right for stinging all those ho's...
On a more serious note, IIRC they used to do a bunch of free hosting offerings under different brands. Although there'll surely be real paying customers in there, with real details, I'd bet a decent % of users aren't.
That definitely is KARMA. Maybe not instant but it still is.
So on Shoop (a cashback platform) you get 50% Cashback as a new customer for Hostinger. You know, for those of you who like playing with fire 😅