Hostinger got breached

Guinea Member
edited August 2019 in General

Welp, I got this email today from Hostinger (had a shared plan with them a few years back), and it seems they were breached. Apparently they don't know if the data was actually stolen or not, but it included info such as names, addresses, emails, IPs, phone numbers, (hashed) passwords, etc. Really nice email to get on a Sunday morning telling me that my name, address, and other info is possibly leaked...

Their blog post: https://hostinger.com/blog/security-incident-what-you-need-to-know/

TechCrunch Article: https://techcrunch.com/2019/08/25/web-host-hostinger-data-breach/

(Parts of) the email:

Comments

  • Don't worry about it, Facebook already leaked all that info anyway.

  • You could try requesting a GDPR conform removal of your data from hosts you don't use anymore in the future :)

  • @Ympker said:
    You could try requesting a GDPR conform removal of your data from hosts you don't use anymore in the future :)

    Except for the fact that I live in the US :wink:

  • @Guinea said:

    @Ympker said:
    You could try requesting a GDPR conform removal of your data from hosts you don't use anymore in the future :)

    Except for the fact that I live in the US :wink:

    Sad :S

    Thanked by 1 pike
  • @Guinea said:

    @Ympker said:
    You could try requesting a GDPR conform removal of your data from hosts you don't use anymore in the future :)

    Except for the fact that I live in the US :wink:

    If they respect GDPR it doesn't matter where you are from. If the company is present in the EU they are obligated to follow GDPR (Hostinger is).

    Thanked by 2 Ympker intovps
  • Neoon Community Contributor, Veteran

    @Ympker said:
    You could try requesting a GDPR conform removal of your data from hosts you don't use anymore in the future :)

    Why? If it has been breached, your data has been leaked to a 3rd party already, it's gone. You can remove it from the source but not the copies that have been already made.

    Even if they remove your data, for financial reasons, they sometimes need to keep your records for up to 10 years.

    As soon as you entered your data, you were already locked in.

    Thanked by 1 ITLabs
  • @Neoon said:

    @Ympker said:
    You could try requesting a GDPR conform removal of your data from hosts you don't use anymore in the future :)

    Why? If it has been breached, your data has been leaked to a 3rd party already, it's gone. You can remove it from the source but not the copies that have been already made.

    Even if they remove your data, for financial reasons, they sometimes need to keep your records for up to 10 years.

    As soon as you entered your data, you were already locked in.

    I was referring to the future. If you still had an acc with a host that has not yet been breached but you don't plan to have business with him anymore either. True about the legal aspect though.

  • Neoon Community Contributor, Veteran

    @Ympker said:
    I was referring to the future. If you still had an acc with a host that has not yet been breached but you don't plan to have business with him anymore either. True about the legal aspect though.

    Of course, terminating old accounts is always a good idea.

  • ITLabs Member
    edited August 2019

    @Guinea wait some time and check if your data appears here: haveibeenpwned.com

    Thanked by 2 Guinea Hosted
  • I already changed my password, and we will see if our details appear on haveibeenpwned or on Mozilla's similar service: https://monitor.firefox.com

    Thanked by 1 ITLabs
  • @Hosted said:
    I already changed my password, and we will see if our details appear on haveibeenpwned or on Mozilla's similar service: https://monitor.firefox.com

    Firefox get all their data from Have I Been Pwned.

    Thanked by 2 ITLabs Hosted
  • Lee Veteran

    It's Hostinger, assume at least one breach per quarter. Someone probably pressed the wrong button that resulted in them telling customers this time.

    Thanked by 1 grep
  • randvegeta Member, Host Rep

    Pretty sure they make most of their money by selling personal data rather than hosting.

  • Isn't this formerly known as 000webhost?

  • @randvegeta you know it's not true. Can happen to anyone - it's an unfortunate situation and I would never wish that on anyone.

  • Lee Veteran

    st3wy89 said: you know it's not true

    What, that they sell personal data? Lol, it certainly is true.

  • @DreamCaster said:
    Isn't this formerly known as 000webhost?

    000webhost is one of their brands.

    Thanked by 2 DreamCaster Sofia_K
  • stefeman Member
    edited August 2019

    It's only a matter of time until it all gets posted on some dump site. Let's hope it's not MD5 hash lol.

    Hashcat breaks an 8 chars full coverage (a-zA-Z0-9!-=) password in 26 days on a single 1080 Nvidia GPU. And this does not only include MD5 but SHA256 too.

    TL;DR you're fucked if you used 8 digits or less no matter what symbols they were.

    If we assume the attacker or someone who downloads the dump has something like this or something even better:

    https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40

    It won't even take a week before the passwords are everywhere.

  • Sofia_K Member
    edited August 2019

    000webhost is a Hostinger brand which is extensively used for spamming, abuse, and moreover hosting phishing sites. Just check Phishtank and you can find 000s of sub-domains hosted on 000webhost marked for active phishing.

    Regarding Hostinger (paid plans) does anyone on LEB use it for money-sites? If yes, how's the performance?

  • Levi Member

    @stefeman said:
    It's only a matter of time until it all gets posted on some dump site. Let's hope it's not MD5 hash lol.

    Hashcat breaks an 8 chars full coverage (a-zA-Z0-9!-=) password in 26 days on a single 1080 Nvidia GPU. And this does not only include MD5 but SHA256 too.

    TL;DR you're fucked if you used 8 digits or less no matter what symbols they were.

    If we assume the attacker or someone who downloads the dump has something like this or something even better:

    https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40

    It won't even take a week before the passwords are everywhere.

    After the 000webhost fiasco they probably adopted argon2 or aes256 encryption.

  • Tr33n Member
    edited August 2019

    LTniger said: After 000webhost fiasco they probably adopted argon2 or aes256 encryption.

    According to different news posts, hostinger used SHA-1: https://www.google.com/search?q=hostinger+SHA-1&oq=hostinger

    Thanked by 1 Levi
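
Added example (not part of any post in this thread, and not Hostinger's code): the posts above contrast stored SHA-1 digests with a slow hash such as argon2. The Python sketch below shows one way a site can retire legacy SHA-1 digests without waiting for logins, by wrapping each digest in a salted memory-hard KDF and upgrading to a pure KDF record on the next successful login. It uses scrypt from the standard library in place of argon2 and assumes the legacy digests are unsalted; the record format, function names and cost parameters are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed scrypt cost parameters for this sketch (about 16 MiB per hash).
N, R, P = 2**14, 8, 1

def _scrypt(material: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(material, salt=salt, n=N, r=R, p=P, dklen=32)

def hash_password(password: str) -> str:
    """Record for new or upgraded accounts: salted scrypt over the password."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password.encode(), salt).hex()}"

def wrap_legacy_sha1(sha1_hex: str) -> str:
    """Offline migration step: wrap a stored SHA-1 digest in salted scrypt.

    Needs no plaintext, so every row can be converted at once and the
    fast hash no longer sits in the database.
    """
    salt = os.urandom(16)
    return f"sha1-scrypt${salt.hex()}${_scrypt(bytes.fromhex(sha1_hex), salt).hex()}"

def verify(password: str, record: str) -> Tuple[bool, Optional[str]]:
    """Return (ok, replacement). replacement is a pure-scrypt record to
    store when a wrapped legacy record has just verified."""
    try:
        scheme, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False, None  # malformed record
    if scheme == "scrypt":
        material = password.encode()
    elif scheme == "sha1-scrypt":
        material = hashlib.sha1(password.encode()).digest()
    else:
        return False, None  # unknown scheme, e.g. a bare legacy digest
    ok = hmac.compare_digest(_scrypt(material, salt), expected)
    if ok and scheme == "sha1-scrypt":
        return True, hash_password(password)
    return ok, None

# Constructed sample: what a legacy row would hold for a made-up password.
SAMPLE_PASSWORD = "constructed-sample-pw"
SAMPLE_LEGACY_ROW = hashlib.sha1(SAMPLE_PASSWORD.encode()).hexdigest()
```

Wrapping only raises the cost of each guess against rows already stored; it does nothing for digests that have already left the database, which is why a password reset after a breach is still needed.
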
  • Levi Member

    @Tr33n said:

    LTniger said: After 000webhost fiasco they probably adopted argon2 or aes256 encryption.

    According to different news posts, hostinger used SHA-1: https://www.google.com/search?q=hostinger+SHA-1&oq=hostinger

    Pathetic.

  • nem Member, Host Rep

    @LTniger said:

    @Tr33n said:

    LTniger said: After 000webhost fiasco they probably adopted argon2 or aes256 encryption.

    According to different news posts, hostinger used SHA-1: https://www.google.com/search?q=hostinger+SHA-1&oq=hostinger

    Pathetic.

    Old habits die hard I guess. Hostinger is known for shady shit throughout the industry such as this guy or all this shit.

    Thanked by 2 DreamCaster Sofia_K
  • Serves them right for stinging all those ho's...

    On a more serious note, IIRC they used to do a bunch of free hosting offerings under different brands. Although there'll surely be real paying customers in there, with real details, I'd bet a decent % of users aren't.

    Thanked by 1 Sofia_K
  • nem said: Old habits die hard I guess. Hostinger is known for shady shit throughout the industry such as this guy or all this shit.

    That definitely is KARMA. Maybe not instant but it still is.

    Thanked by 1 Sofia_K
  • Ympker Member
    edited August 2019

    So on Shoop (a cashback platform) you get 50% Cashback as a new customer for Hostinger. You know, for those of you who like playing with fire 😅

  • Thanked by 3 Ympker ITLabs Amitz