Another Day, Another Hack: 13.5 Million Passwords from 000Webhost

Be careful when picking your web host.
Image: Che Saitta-Zelterman

Quite literally, every day someone gets hacked. Whether that's a telecommunications company having its customer data stolen, or another chain of businesses being ripped for all the credit cards it processes, today one hack just seems to melt into another. I mean, the day just isn't complete without a fresh leak of the personal info of ten or so million users.

It's gotten to the point where there are just so many hacks that you may have become desensitized to the sheer amount of data that has been pilfered from companies' servers. One million user accounts here, 4 million hashed passwords there. The mundanity of everyday data breaches is taking its toll.

That's why we're launching this new format: Another Day, Another Hack. We'll do short posts giving you what you need to know about the hack, so you can figure out whether your bank account, website logins or anything else might be at risk. Because, even if the hack might not be the most sophisticated, and as new data breaches fight for your attention, real people are still getting fucked over somewhere, and should know about it.

So here's the first one in a series.


000Webhost is a Lithuania-based free hosting company. According to Forbes and Troy Hunt of security monitoring site haveibeenpwned.com, a database for 000Webhost containing over 13.5 million unencrypted usernames and passwords is on sale for $2,000.

Hunt and Forbes tested several of the leaked usernames to check if the leak was likely legitimate. But 000Webhost have since admitted to the breach, on the company's Facebook page.

"We have witnessed a database breach on our main server," the post reads, and claims that the company was breached because of an outdated piece of software.

000Webhost apparently reset its customers' passwords, but failed to inform them. The company did not respond to Forbes' requests for comment.

Forbes pointed out that 000Webhost's site didn't appear to take security all that seriously: the login page didn't use any encryption, and the site itself was running some pretty out-of-date software.

A Twitter tipster also alerted Motherboard that 000Webhost appears to be leaking the contents of customer support tickets.

The lesson: for 000Webhost, it's that encryption of customer data is a necessity, not a luxury.

Another day, another hack.
