Server Breached, Web Hosting Provider Reset 14 Million Users’ Passwords

Recently, Hostinger changed the login passwords of its 14 million users when a third party hacked its server.

According to the hosting provider service, the party got access to token due to which they could open RESTful API Server.

RESTful API server is the database where all information of the users are stored which includes their name, email address, passwords, first names and IP address.

Therefore, the company changed the passwords once they got information about breach of the server on 23rd August at night. They changed the passwords with the help of SHA-2 algorithm. SHA-2 can keep passwords more secure than SHA-1 algorithm.

SHA or Secure Hash Algorithms are hash functions or codes which can be used to save passwords. It helps to do computation fast when the server is attacked.

SHA-1 has long extensive rainbow tables. These tables of the database can help in finding passwords whereas in SHA-2 has less extensive tables and databases due to which the attacker cannot find passwords.

Hostinger used the weak hashing algorithm before the breaching of half of 29 million accounts. The company sent recovery mails to their users regarding resetting of passwords and advise them to set unique passwords to ensure security.


Although, the details were breached, Hostinger assured that financial information is saved because they have third-party payment providers who handle the payments and transfer of money. Yet, the hosting service did not tell the names of the payment providers.

Currently, the company is not assisting the users with two-factor authentication but the company has assured to create multi-layer security to protect the details of users.

The investigations are going on. The forensic experts are looking for culprit.


Photo: scyther5 / iStock / Getty Images

Read next: The Passwords of Your Content Management Systems Are Not Secure - Research Proves!

No comments:

Post a Comment