Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Hostinger Resets User Passwords Following System Breach

Web hosting provider Hostinger reset all customer passwords over the weekend, after learning that an attacker gained unauthorized access to one of its internal systems. 

Web hosting provider Hostinger reset all customer passwords over the weekend, after learning that an attacker gained unauthorized access to one of its internal systems. 

With over 29 million users in 178 countries, Hostinger, which was established in 2004, is also an Internet domain name registrar. The breach, the company says, may have impacted information of nearly half of its users. 

On August 23, the company received alerts on unauthorized access to an internal server containing an authorization token that the attackers used to escalate privileges to the system RESTful API Server used to query details about clients and their accounts.

The compromised API and all related systems have been already secured and the unauthorized access to them has been quickly removed, the company says. 

“The API database, which includes our Client usernames, emails, hashed passwords, first names and IP addresses have been accessed by an unauthorized third party. The respective database table that holds client data, has information about 14 million Hostinger users,” the hosting provider said

Although the Client passwords are hashed, the company decided to reset all passwords, as a precautionary security practice. Hostinger says it has notified all of its users of the password reset via email, and that it has also contacted authorities on the matter. 

Advertisement. Scroll to continue reading.

No payment card or other sensitive financial information was compromised a ofs a result the incident, as payments for Hostinger services are made through third-party providers.

The web hosting provider says that its internal investigation has revealed that no Hostinger client accounts or data stored on those accounts (websites, domains, hosted emails, etc.) have been compromised during the incident. 

“We remind our Clients not to use the same passwords on multiple service providers across the web and to generate strong unique passwords with password management tools,” the company notes. 

Furthermore, Hostinger advises users to be cautious of any unsolicited communications requesting their login details or personal information. They should avoid clicking on links or downloading attachments from suspicious email messages. 

Related: Many Users Don’t Change Unsafe Passwords After Being Warned: Google

Related: Slack Resetting More User Passwords in Response to 2015 Breach

Related: Google Warns G Suite Customers of Passwords Stored Unhashed Since 2005

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.