Plain Text Passwords millions of free hosting accounts now lie in the street




A database of names, email addresses and plain text passwords of more than 13 million customers of the free hosting provider 000webhost is put on the Internet. The hosting company gave the passwords initially without publicity to indicate a reset.

The database with information on more than 13 million accounts would be criminals for $ 2,000 traded. The message about the leaking of the data comes from Troy Hunt, who with his site Haveibeenpwned allows users to search or their account has been hacked. He did previously for example in Adobe and Ashley Madison. The hack at 000webhost would already have taken place five months ago and now are in third place in the top ten largest uitlek incidents after a hack.

Hunt tried following a tip about the hack to make contact with 000webhost but the company from Lithuania offered barely working ways to pass on abuse reports. This week, however, gave the company all passwords reset, which indicates that the message of Hunt or any other tipster has yet arrived. Also ftp access accounts until November 10 off. However, the hosting company gives no reason for the action, which increases the chance that users use their old password.

The security of 000webhost was not exactly in order, noted Hunt. As the login page for users was not encrypted with TLS / SSL. The company could send users their passwords, which indicates that they were stored in plaintext. There were to be found the credentials in the URL in error messages when registering.

The site Forbes and Hunt have been able to verify multiple accounts it to authentic data will come on the streets to lie and also a user of Tweakers announced that its data is leaked. Meanwhile 000webhost the hack admitted. “A hacker abused an exploit in an old PHP version to upload files and access to our systems,” writes the company. The hoster claims to have improved the encryption of passwords.


In: Technology & Gadgets Asked By: [15464 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »