Another case of weak password defense has led to a data breach affecting 14 million customers in Hostinger's database. Hostinger is a web hosting service and internet domain registrar with over 29 million users in 187 countries.
Details of the Breach
The breach took place on Thursday, and the following day the company was alerted that one of its servers had been improperly accessed. A hacker used an access token on the server, which allows access to systems without a username or password. The token tells the Application Programming Interface (API) that the holder may not only enter the system but also perform any actions the company has permitted for users.
The database that was accessed had 14 million records containing information such as:
Hostinger claims that it does not store customers' financial information in its database and instead uses other payment processors. This means that the breach did not expose financial information of any sort.
Response to the Exposure
Hostinger has reset all of its users' login passwords as a precautionary measure. It has also increased security by moving to a new hashing algorithm, SHA-256, which is more difficult for cybercriminals to crack. Previously, the company had used the less secure SHA-1.
The company converts client passwords into a random-looking sequence of characters using a one-way mathematical function (a hash), which cannot be reversed to recover the password. A two-way function (encryption) would instead allow the stored value to be deciphered back into the password once it reached its destination.
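The one-way storage described above, as an added example that is not from Hostinger or the original article: a login is checked by hashing the candidate password again and comparing, and an unsalted SHA-1 record is replaced on the next successful login. The salted PBKDF2-HMAC-SHA256 scheme, the iteration count, the record format and all function names are assumptions of this example; the article only states that Hostinger moved from SHA-1 to SHA-256.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor, chosen for this example


def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1 hex digest: the same password always gives the same record."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """One-way record 'pbkdf2_sha256$iterations$salt$digest' with a random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """There is no decrypt step: hash the candidate again and compare."""
    parts = record.split("$")
    if len(parts) == 1:  # legacy record: bare SHA-1 hex digest
        return hmac.compare_digest(legacy_sha1(password), record)
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    try:
        rounds = int(parts[1])
        salt, expected = bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
    except ValueError:
        return False  # malformed record
    if rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def login(password: str, record: str):
    """Return (ok, record_to_store); a valid legacy record is re-hashed on login."""
    if not verify_password(password, record):
        return False, record
    if not record.startswith("pbkdf2_sha256$"):
        return True, hash_password(password)
    return True, record
```

Two users with the same password get identical `legacy_sha1` records but different `hash_password` records, which is why a leaked table of unsalted digests is cheaper to attack in bulk.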
They have assembled forensic experts and data scientists to investigate the origin of the incident, as stated on their blog. They also reported the incident, as per the new EU GDPR laws.
Importance of Passwords
Victims are encouraged to change their password on other accounts and services if it was used on multiple accounts outside of Hostinger. Several data breaches have been linked to insecure systems and weak passwords. The stronger the password, and the more variety in your passwords per account, the better your chances of protecting your personal information. Services such as LastPass and Dashlane will keep track of your accounts for you and notify you when there are two passwords that are the same.
Once a hacker has one of your credentials, it is easier for him or her to access bank accounts, social media profiles, and any other online services that require a login. Creating strong passwords and varying them may seem like a pain, but it will ultimately protect your digital information. If you think you have experienced a data breach, call our team at Secure Forensics. We can put an end to the attack, find what information was compromised, and identify the attacker.