The web hosting provider Hostinger announced that it was forced to reset over 14 million customer logins. The incident occurred on August 23rd when a third party was able to access usernames, hashed passwords, email addresses, first names, and IP addresses. The breach was possible because the affected server had an authorization token that allowed access and privilege escalation that allows queries about clients and their accounts, phone numbers, home, and business addresses. Hostinger forced a password reset in response to this breach for all of its clients. According to the hosting service, financial data and financial websites were not involved. Hostinger uses a third-party payment portal and an investigation showed that it was not affected. The information stolen could be used by attackers to perform several styles of attacks, such as credential stuffing which is where the attacker attempts to use the login credentials on multiple sites in an attempt to access information. Currently, an investigation is underway to pinpoint the breach point and how to secure it properly.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased