A Lithuanian web host has lost over 13 million of its customers’ passwords. The company,
000webhost, has headquarters in Vilnius, the Lithuanian capital. It offers a range of free and premium web hosting services alongside packages that include a website builder and website templates.
The breach occurred earlier this week and news of the breach was announced on 000webhost’s Facebook page. It was discovered by Troy Hunt, the man behind haveibeenpwned.com, a site that allows users to check if any of their email accounts have been compromised in data breaches. Hunt received a tip-off from an “anonymous source”. The company did not suggest how the breach occurred.
"We have witnessed a database breach on our main server,” suggested 000webhost in a statement. “A hacker used an exploit in old PHP version of the website gaining access to our systems, exposing more than 13.5 Million of our customers' personal records. The stolen data includes usernames, passwords, email addresses, IP addresses and names." The company later added, "We are still working 24/7 in order to identify and eliminate all security flaws. Additionally, we are working on upgrading all of our systems... in an effort to protect our users we have temporarily blocked all access to systems affected by this security flaw. We will re-enable access to affected systems after an investigation and once all security issues have been resolved."
How can web hosts protect themselves from hackers? Let us know your thoughts. Add your comments below.
