000webhost hacked, 13 million passwords stolen...

CM30

If you're using their services for your site, you may really want to consider moving now:

http://www.troyhunt.com/2015/10/breache ... words.html

http://www.forbes.com/sites/thomasbrews ... base-leak/

Basically, their database was leaked and about 13-15 million passwords were taken as a result. What's worse, they didn't actually encrypt any passwords in the database, so everything you entered... is basically in plain text for any bored hackers to read and use on other sites. There are also tons of security holes in their site programming, and the company didn't respond to the allegations for a good week after being notified.

Oh, and the passwords have apparently been leaked since March this year.

Either way, if you're using their services, find a new host immediately. It's outright dangerous to keep using a company this negligent. And if you've used them before, change your passwords since hackers are probably trying to access email, other site and bank accounts via the same emails and passwords.
 
I am glad it has been years upon years since I have actually used this webhost so my account probably doesn't even exist anymore :lol:
 
I haven't heard about this until now. I wonder why they have better security practices.
 
Well that sucks! I'm glad I don't have a site hosted with them. :/
 
Wow, they need to get their act together. 😛

I don't recommend 000webhost anyway, as they have a very bad reputation. But this makes them seem even worse.

EDIT: On reading the articles, looks like the DB is being sold. :| That's not good.
 
Is this even a surprise to be honest? I have used them a long time ago, should I be worried about my details?
 
Frankenstein said:
Is this even a surprise to be honest? I have used them a long time ago, should I be worried about my details?
If you used the same password, yes, I'd definitely change it.

This is awful. Not encrypting passwords is just stupid. 😛
 
More confirmation that using a unique and different password for each site is definitely the way to go.
 
Joe said:
More confirmation that using a unique and different password for each site is definitely the way to go.
Definitely, but for a lazy person like me it just gets confusing and annoying. The safer way, definitely :yes:
 
Frankenstein said:
Joe said:
More confirmation that using a unique and different password for each site is definitely the way to go.
Definitely, but for a lazy person like me it just gets confusing and annoying. The safer way, definitely :yes:

I'd rather be slightly inconvenienced than violated.

I know I felt violated and foolish when someone got ahold of one of my passwords and used it to login/post on a different forum (where I used the same password). There was minimal damage, but it was a wake-up call for me to be more security conscious.
 
I actually have access to this (not going to mention where from...) but I must say, they must be complete idiots for not using any form of encryption. Even a basic MD5 would've helped but nope, plain-text was the way to go for them.

My best advice for everyone that may have been associated with 000webhost is to change your password to everything immediately (if you use the same password anywhere else, although you shouldn't...).

Also it's a great time to learn what password managers are and how to use secure passwords, mine are personally around 125 characters long.
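Added example, not part of the original post or thread: the same constructed accounts stored as plain text, as unsalted MD5, and with a per-account salt plus a slow KDF (scrypt from Python's standard library). It counts how many stored values are shared between accounts; the account names, passwords and cost parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware.
N, R, P, KEY_LEN = 2**14, 8, 1, 32

# Constructed sample accounts (not breach data): two users share one password.
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}


def md5_unsalted(password: str) -> str:
    """Fast unsalted digest: equal passwords always give equal stored values."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Store 'salt$key' with a fresh random salt per account and a slow KDF."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=KEY_LEN)
    return f"{salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    salt_hex, key_hex = record.split("$")
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=N, r=R, p=P, dklen=KEY_LEN)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def accounts_sharing_a_value(stored: dict) -> int:
    """Count accounts whose stored value also appears on another account."""
    values = list(stored.values())
    return sum(1 for v in values if values.count(v) > 1)


def compare_schemes() -> dict:
    """Store the sample accounts three ways and count linkable records."""
    schemes = {
        "plaintext": dict(ACCOUNTS),
        "md5": {u: md5_unsalted(p) for u, p in ACCOUNTS.items()},
        "scrypt": {u: hash_password(p) for u, p in ACCOUNTS.items()},
    }
    return {name: accounts_sharing_a_value(s) for name, s in schemes.items()}


if __name__ == "__main__":
    print(compare_schemes())
```

With unsalted MD5 the two accounts that reuse a password still carry the same stored value, so one recovered digest exposes both; with a random salt per account every record differs.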
 
Very unprofessional of them to let it happen to their users, and it's more their own fault than the hackers for not hashing the passwords. Good thing none of my stuff is there.
 
Quite frankly, I can't say I'm surprised. 0.00 Webhost has always been one of the worst hosts in existence (next to Forumotion) and the fact that they can't take care of customers' personal, and even private, information is outrageous. I never was a fan to begin with. I wanted to try these guys once, and it was a nightmare. Took forever to get activation email, took forever to get cPanel details so I could log in and start work, etc. NEVER. AGAIN!!!!!!!!!!! Seriously, I would not recommend this host to anybody!
 
Korora said:
I actually have access to this (not going to mention where from...) but I must say, they must be complete idiots for not using any form of encryption. Even a basic MD5 would've helped but nope, plain-text was the way to go for them.

My best advice for everyone that may have been associated with 000webhost is to change your password to everything immediately (if you use the same password anywhere else, although you shouldn't...).

Also it's a great time to learn what password managers are and how to use secure passwords, mine are personally around 125 characters long.

Why do you have access?
 
I believe that this 'hack' was possible because 000webhost uses (used*) outdated PHP servers, which irritated me so much because I couldn't run my website on the old PHP versions. From what I heard, there was a flaw in the PHP version that allowed the 'hacker' to get in. I'll never use them again, probably.

--edit
I would also like to add that their 'auto installer' has been under maintenance for more than 8 months.
 
mrdawgza said:
I believe that this 'hack' was possible because 000webhost uses (used*) outdated PHP servers, which irritated me so much because I couldn't run my website on the old PHP versions. From what I heard, there was a flaw in the PHP version that allowed the 'hacker' to get in. I'll never use them again, probably.

--edit
I would also like to add that their 'auto installer' has been under maintenance for more than 8 months.
I used them years ago when I didn't use paid hosting. Their auto installer was still under maintenance but it worked perfectly for those that used their paid hosting. It's been more than 3-4 years probably.
 