[German]On Friday, 23 August 2019, it became known that the Internet hoster Hostinger is resetting all customer passwords. There was a hack, where infrastructure servers from this hoster has been compromised.
Hostinger is a hoster and internet registrar that has been operating since 2004. According to this Wikipedia article, Hostinger has over 29 million users and is, by the way, the parent company of the recently hacked free-hosters 000webhost. Hostinger is also known for 'cheap Internet hosting offers'.
Hostinger hacked
I've just came across some tweets reporting the hoster's hack. Here is a screenshot of the message about the hack.
Data Breach , Hostinger sedunia pic.twitter.com/uD9EYa1FXH
— Bung Nabung (@ThePandhitas) August 25, 2019
According to Catalin Cimpanu's subsequent tweet, Hostinger is resetting its customers' passwords because hackers had access to internal servers. These servers were probably used to manage the hosting packages. The hackers queried a database with the data of 14 million customers.
Data potentially exposed:
– names
– Hostinger usernames
– IP addresses
– home addreses
– emails
– phone numbers
– hashed passwords pic.twitter.com/5ZQevho9zT— Catalin Cimpanu (@campuscodi) August 25, 2019
According to Hostinger's CEO, it's difficult to know exactly how many customers were affected by this hack. Here is the text of an email to ZDNet that Cimpanu published on Twitter.
The hackers managed to compromise the central API server. This allowed the hackers to access the database entries directly. However, these accesses were obviously not logged. According to Hostinger, however, the hackers did not have access to financial data such as accounts or credit cards. Details can be found in this ZDNet article.