000WebHost gets hacked, exposes 13 million emails and passwords
The high profile company attacks keep coming these days with Target, Home Depot and, most recently, TalkTalk. Now word comes out that a major web hosting service has also fallen victim, spewing a generous amount of information to anyone interested.
000WebHost is working to resolve the problems, which led to 13 million emails and passwords being made public, but in the meantime it is trying to take precautions to protect users, though it seems a bit late for that.
Visiting the site now defaults to error.000webhost.com and displays information of how to reset your login and password. A message appears at the top reading "Important: Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed. Thank you for your understanding and please come back later".
Australian security researcher Troy Hunt obtained the data and confirmed its authenticity. In a blog post he wrote "It was very apparent that if this was legitimate, it was indeed a very serious data breach and one that had the potential to impact a very large number of people". In fact, he claims the 13 million estimate is a bit on the low side.
Meanwhile 000WebHost has issued a statement on its Facebook page "We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information".
Accusations have been made that both security researchers and a journalist from Forbes gave 000WebHost ample warning, but the company failed to follow up on these. Now 13 million-plus user names and plaintext passwords are out there.