Popular web hosting provider Hostinger faced a massive data breach containing user data of 14 Million+ base. Following such critical event, Hostinger has forced it’s users to change their password into “random sequence of characters” as a precautionary measure.
When And What More Is Affected?
According to the blog post, Hostinger claimed that the massive data breach took place last Saturday(23rd August 2019). The company received an alert that one of their servers were accessed by an unauthorized party. The server contained authorization access key to their RESTful API mechanism. This API mechanism can be used to obtain personal data like
– Hostinger usernames
– IP addresses
– home addresses
– phone numbers
– hashed passwords
and possibly more.
The company also claims that they immediately removed the API access to their server after they were notified about the breach. After removing, they secured their server to avoid any future unauthorized access to their server. Not only the server was secured, but all other API & API related mechanisms were secured too, as the company said.
What Is The Company Doing After The Data Breach?
Following the data breach, the company said that they’re working with their data scientists and forensics department to investigate the data breach. The company claimed to have identified the unknown intruder. As required by the law, the company contacted law enforcement and are now working with them.
Were All Data Published On The Internet?
As of now, there have been no traces of data being published on the Internet. Balys Kriksciunas, CEO of Hostinger Group told ZDNet that no unknown crafted API calls were made to extract’s clients data. However, they’re considering “worst-case scenario” and forced all users to reset their password.
He also told that it is hard to determine the number of clients who’s data was breached because of the nature of the breach.