Hostinger, home to over 29 million of websites has reported via a blog post that, it has reset user passwords as a “precautionary measure” after it detected unauthorized access to a database containing information on millions of its customers.
The breach is said to have happened on Thursday.
According to the company, it received an alert that one of its servers was improperly accessed using an access token found on the server, which can give access to systems without needing a username or a password, the hacker gained further access to the company’s systems, including an API database.
That database contained customer usernames, email addresses, and passwords scrambled with the SHA-1 algorithm, which has been deprecated in favor of stronger algorithms after researchers found SHA-1 was vulnerable to spoofing.
The company has since upgraded its password hashing to the stronger SHA-2 algorithm.
Hostinger said the API database stored about 14 million customers records. The company has more than 29 million customers on its books.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.