Hostinger Data Breach - How Secure Is Your Data?

Oct 8
23:00

2019

Vivek Sharma1

Vivek Sharma1

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

The hosting blog that ensured customers that their hashed passwords that are prepared through an algorithm were reset and that they are upfront in declaring what went wrong. A scam that has lead to the compromise of personal data of about 14 million people. Ideally, Hostinger caters to about 29 million users across 178 countries. In addition to this, there are about 15k sign-ups every single day.

mediaimage

Hostinger is a renowned name in providing web-hosting services. It was established in 2004 in Kaunas,Hostinger Data Breach - How Secure Is Your Data? Articles Lithuania. They gave online freedom to its clients by providing affordable domains, unlimited PHP, MySQL, cPanel & no ads policy.

Besides all this, Hostinger has been in the news recently due to the major data breach that occurred with its server. A scam that has lead to the compromise of personal data of about 14 million people. Ideally, Hostinger caters to about 29 million users across 178 countries. In addition to which, there are about 15k sign-ups every single day. The gravitas of what could go wrong if data of all these users is incomprehensible.

Here we brief you about what really went down in Hostinger’s data breach.

The Timeline of incidents:

23rd Aug’19: Informational alerts received by Hostinger of unauthorized access by the third party.

The server that was used to procure details about Hostinger’s client was attacked. It had an authorization token that helped further to gain access to their system’s RESTful API server.

Such privileged escalation was possible only due to a token. This raises questions largely about the security and privacy of a large number of people. 

As per Hostinger’s claims, the server contained only the non-financial data like the following:

  • Client Usernames
  • Emails
  • Hashed Passwords
  • First Names 
  • IP Addresses

25th Aug’19: The hosting company posted a blog that ensured customers that their hashed passwords which are prepared through an algorithm were reset and that they are upfront in declaring what went wrong. Moreover, it was also mentioned that the matter is dealt with great seriousness.

That being said, it does not take away from the fact that this is a matter of grieve cybersecurity risk that can lead to identity thefts. Hackers that can penetrate a system can easily acquire other personal data like credit card numbers, sensitive information, social security numbers, and digital signatures via little pieces of authentic information.

A vulnerable system is a doorway to doom for large and small businesses alike. Hostinger has employed a team of forensic experts and data scientists. Hostinger was lucky, the data regarding websites, domains, and hosted emails remained unaccessed and untouched.

Formerly the company passwords utilized SHA-1 for their hashing algorithms whereas now they have moved to SHA-2 for resetting the passwords as per the information provided to one of its clients.

As a substantial step taken in the view of this attack, Hostinger looks forward to implementing a two-factor authentication process that will rule out the sole dependency on username and passwords for access or authorization.

The news of this attack broke overnight and despite the claims by the company, a few users stated that their claims are misleading and their data has actually been hacked and misused.

This incident is like a wake-up call to every organization that works with the internet which ultimately means every business in the world. It brings the credibility of the organization in question. No data is safe when it comes to cyber-space. The vulnerabilities and information security assessments need to be conducted on a regular basis. 

 

Among the best practices, one is to hire a team to build your customized InfoSec. A better option is to hire a virtual CISO and InfoSec team that is competent and is capable of bringing the best risk management solutions for your business.

 

BizzSecure is one such information cybersecurity company that has worked in the field for nearly a decade now. They work with the sole motive of providing visibility, automation, and completeness for your business’ information security. They offer many virtual security services also. Contact today for securing your system completely and rest assured to focus on your business.