Web hosting company Hostinger reported a massive data breach last Aug. 23, 2019, which prompts a password reset of over 14 million customers.
The company’s internal system, containing customers’ personal information, usernames, email addresses, IP addresses, and passwords, was accessed by an unauthorized third-party. The password reset decision is believed to be a ‘precautionary measure’ to prevent hackers from using private information.
The Thread Post reports that Hostinger has notified its millions of customers about the data breach and the password reset. Hostinger is currently working with internal and external forensic teams to analyze their network and servers for possible improvement and to find the culprit. In addition, the company has also reached the authorities to investigate the incident.
“We are continuing our internal review, implementing new security procedures and hardening server and network settings,” said Hostinger in their website.
Restricted Vulnerable System
After the alert that one of their servers were accessed, the company immediately restrict the ‘vulnerable system’ and makes use of the cryptographic hash function to convert passwords to a random sequence of characters.
After the customers were notified, Hostinger connected with the experts in the field to check any possible trail that will lead to the suspect and the gateway.
However, Hostinger said that payment cards and credit card details are safe as these aren’t ‘stored’ in the tampered server. ‘We never store any payment card or other sensitive Client financial data on our servers and it has not been accessed or compromised,” said Hostinger.
Meanwhile, websites and client accounts remained untouched and unaffected from the data breach.
Security experts believe that users and customers of Hostinger must not reuse the old password into different accounts online. Because the hackers already have the information, chances are, they will try to use these passwords in different places on the internet, particularly on banks and other financial platforms.
Tripwire Vice President of product and strategy Tim Erlin reminds, “If you’ve used the same password in multiple places, you may never know when or how your password was compromised.”
The two-way authentication can help prevent unauthorized logins by verifying the user, however, it is best to change it altogether just to be sure.
Customers can reach Hostinger 24/7 through their customer help center at firstname.lastname@example.org. A live chat is also provided by the company to answer urgent concerns.