Other platforms being targeted? Security breach

Hey there; okay so further to admin response detailing that Infinitifree suffered outages due to domain breach, which has now been somewhat resolved - ive just had an email from Hostinger (a hosting platform ive used before moving to this one, and also partners with Infiniti) detailing that their service has also had a data breach and reset my password for security protection - see screenshot,

Now im not too sure if this is only happening to myself or legitimate attempts to take down hosting services, but i thought it be worth sharing; I find it very strange as im actually starting a Uni course on cyber security in september, and goals for a career in this area??

Let me know your thoughts.

  • As

apologies, 000webhost is their partner

I’m not sure what you are talking about regarding a “breach” on a domain. The issue with the epizy.com was caused by either a technical error or a human error (or both) at either NameSilo or VeriSign (ob both) which caused the domain to be misconfigured. There was no security issue and no data breach. There was no data leak or unauthorized access to anything as far as I know.

Also, it’s not just your account was compromised. I got many emails from Hostinger from many of their different brands regarding data breaches. If you just search the web for “hostinger data breach”, you’ll find many IT news outlets having posted articles in the last few days about this, and 14 million accounts being affected.

Finally, this is not the first time that Hostinger had a data breach. Four years ago, 000webhost.com was hacked as well and leaked the database of their customers: https://www.zdnet.com/article/000webhost-hacked-13-million-customers-exposed/

Ironically, the 000webhost breach revealed that they stored all passwords in plain text (which any IT student should be able to tell is a huge no-no). The Hostinger passwords were not stored in plain text but with SHA-1, which is not quite as bad (depending on the implementation), but still far from best practice.

For the record, InfinityFree client area passwords are hashed with bcrypt and hosting account passwords are encrypted with AES-256.

1 Like