A recent analysis found that over 13 million users of the well-known free web hosting provider 000Webhost have been compromised through leaked passwords.
Troy Hunt, the founder of ‘Have I Been Pwned?’, a site that informs users of breaches involving their personal information, was the first person to confirm the leak after receiving it from an anonymous source.
Confirmation of the breach also came from five users affected by it, after which Mr. Hunt blogged in the hope of warning the rest of the compromised users.
It wasn’t until later that day that 000Webhost officials confirmed the leak, stating that the breach was due to the exploitation of an old version of PHP on its servers. Despite the confirmation, the web hosting giant did not go into detail about the leak of 13 million passwords; it did, however, advise users to update their credentials.
But the story does not end here.
Later on, several weaknesses were uncovered in 000Webhost’s network, such as unencrypted HTTP communications on the site’s login page, as well as a piece of code that displayed a user’s password in the URL.
Having been the one to identify these weaknesses, Mr. Hunt suggested that other websites might be affected as well, as a result of their interaction with 000Webhost. These weaknesses also point to loosely followed guidelines for storing sensitive information, as shown by the lack of security in storing the 13 million breached passwords.
As far as cyber breaches go, this certainly does not take the cake.
A recent breach of the Ashley Madison website caused over 34 million passwords to be leaked, despite the site’s efforts at password encryption, which might have given users extra time to update their personal information. In fairness, 11 million of those 34 million passwords were ‘hacked’ due to programming errors, but that is hardly comparable to 000Webhost’s use of plaintext passwords, which makes even stronger passwords just as easy to compromise.
To conclude, users of 000Webhost’s services, as well as of affiliated websites, should be aware of this compromise and take further steps to reduce the chances of fraud or further breaches. Compromised users should immediately change their information and keep in mind that setting a stronger password always makes a difference.