Free Web Hosting 000Webhost hacked, 13 Million users impacted

Free Web Hosting 000Webhost company hacked, data belonging to more than 13 Million customers have been leaked online by the attackers.

Another company has suffered a major data breach, this time in the headlines there is the world’s most popular Free Web Hosting company 000Webhost.

The 000Webhost data breach has exposed more than 13.5 Million records belonging to the customers of the Lithuanian company. The personal data exposed in the attack includes usernames, passwords in plain text, email addresses, IP addresses and last names.

In a message published by 000Webhost on the company disclosed the data breach

“We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information.”

The popular cyber security expert Troy Hunt was the first to receive the news of the data breach from an anonymous source then he tried to contact the company without success.

“By now there’s no remaining doubt that the breach is legitimate and that impacted users will have to know,” Hunt wrote in a blog postpublished Wednesday. “I’d prefer that 000webhost be the ones to notify [its customer] though.”

000webhost hacked

“Earlier this week, I was contacted by Troy Hunt” states Fax-Brewster from Forbes “Hunt informed me he’d been contacted by an anonymous source who’d passed along a database allegedly belonging to 000Webhost, containing usernames and passwords ostensibly belonging to just more than 13.5 million users.”

The Australian experts confirmed the authenticity of the data and contacted Forbes to disclose the news.
According to Forbes, the Free Hosting service provider 000Webhost has been hacked in March 2015 and someone was already offering for sale its database in the criminal underground.

“It’s unclear how or when any apparent breach took place. Hunt put me in touch with an anonymous contact who claimed to have knowledge of an attack on 000Webhost in March that used leaked credentials of a 000Webhost admin. FORBES could find no way to verify these claims. Hunt said he was also contacted by a separate source who’d indicated the database was for sale on unspecified forums for $2,000.”

The Free Web Hosting company 000Webhost has many responsibilities, it first failed to properly protect the data by storing them in clear text, and then repeatedly ignored Troy Hunt who tried to report them what happened.

At the time of writing, the 000webhost.com website is on maintenance has reported in the home page.

“Important! Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed. Thank you for your understanding and please come back later.”

In response to the incident, the IT staff at the 000webhost Free Hosting service has changed all customers’ passwords to the random values and implemented encryption (it’s never too late ;-)), but it hasn’t notified the incident to the customers alleged impacted in the data breach.

The company has also removed the content uploaded by the hackers once discovered the data breach.

However, 000Webhost said: “We removed all illegally uploaded pages as soon as we became aware of the [data] breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future.”

000webhost clients have to follow the password reset process to generate a new password for their account.

Stay tuned!

Pierluigi Paganini

(Security Affairs – 000Webhost, data breach)

Leave a Reply