13.5m accounts hacked: 000webhost Hacked
Published: October 29, 2015
13.5m accounts hacked: 000webhost Hacked, Free website hosting service 000webhost has suffered a data breach which has placed the service’s security practices under scrutiny.
000webhost is a free web hosting service which supports both PHP and MySQL, catering for millions of users worldwide. On Wednesday, the firm told users in a Facebook message that the company had suffered a databreach on its main server.
A hacker used an exploit in an old, unpatched version of PHP to upload malicious files and gain access to the service’s systems. Not only was the full database containing the usernames, passwords and email addresses compromised, but this information has been dumped online.
000webhost said it removed all the malicious uploads once they became aware of the breach, and “changed all the passwords and increased their encryption to avoid such mishaps in the future.”
An interesting statement to make, as Troy Hunt, Microsoft MVP for Developer Security and the owner of Have I been pwned notes the record dump contained plain text passwords. If services do not at least hash stored passwords, attackers do not need to do anything beyond steal them to use them.
Please feel free to send if you have any questions regarding this post , you can contact on