BrenGun

13 Million Passwords Appear To Have Leaked From 000webhost.com


 

Type in “free web hosting” into Google and a variety of options are presented. Near the top is a Lithuanian company called 000Webhost. Its high Google ranking could well be the reason it is believed to have millions of users. Unfortunately for them, all their usernames and passwords have been leaked, FORBES understands.

 

Earlier this week, I was contacted by Troy Hunt, Microsoft MVP and owner of haveibeenpwned.com, a website that sucks in email addresses from significant breaches so users can quickly check whether their data was compromised. Hunt informed me he’d been contacted by an anonymous source who’d passed along a database allegedly belonging to 000Webhost, containing usernames and passwords ostensibly belonging to just more than 13.5 million users. They didn’t appear to have been leaked online before and the database looked legitimate, piquing Hunt’s interest.

Hunt and I subsequently tested various emails in the database, attempting to sign up new accounts using the leaked addresses only to be told in auto-generated responses those emails were already in use by customers; a big clue indicating the database contained real user data.

 

Hunt spoke with five 000Webhost users, who confirmed their passwords matched with those he’d been handed. He also found his own email address in the database. It appeared someone had registered an account in Hunt’s name and could do so because 000Webhost didn’t do any validation using the email. He subsequently took control of the account by issuing a password reset.

 

Read the full article: http://www.forbes.com/sites/thomasbrewster/2015/10/28/000webhost-database-leak/

 

Anyway, to check out if something happens to your username/email, you can check it at https://haveibeenpwned.com/

 

My email seems to have been pwned in 2013 too, with the Adobe scandal back then, which I totally forgot about.

 

Right now I'm glad that I use many different passwords than what I used to use at 000webhost.

Because this already happened in March... and I could log in all around the Internet on the websites I use the same passwords at.

 

Still, it happens a lot nowadays that websites get hacked, so I guess it's never safe... only changing passwords once in a while is the key...

 


That's absolutely messed up.

 

According to the site DarkWater linked the top 10 sites most likely to have compromised your information would be:

Top 10 breaches

152,445,165 Adobe accounts

30,811,934 Ashley Madison accounts

13,545,468 000webhost accounts

4,821,262 mail.ru Dump accounts

4,789,599 Bitcoin Security Forum Gmail Dump accounts

4,609,615 Snapchat accounts

3,867,997 Adult Friend Finder accounts

3,474,763 Спрашивай.ру accounts

3,122,898 MPGH accounts

2,983,472 XSplit accounts

I checked my accounts and I'm all good :)


Lulz, I have been pwned 3 times on my non-business e-mail: Adobe, MangaTraders (what the heck, never even traded manga), and Ashley Madison (don't judge me).

I see Snapchat in the list, lucky I didn't get pwned there too, or have my snaps intercepted... oh lawd.

Not even going to change my password, then I let the fearmongers win. If people want to risk federal charges to see that there are new releases by my favorite VK artists, the endless spam from Ameba and Bookwalker, and age-old 'baby come back' e-mails from ex-gf's, so be it.

Logging into your own e-mail is enough of a pain, who is going to log into 13 million of them and search for treasure.


Yeah...

000webhost was the best free webhost.

I did use it...

But since the hack was already in March, and I use difficult and different passwords for my emails and PayPal, ClickBuy shizzel and websites I got pay details on, I guess I'm safe. Even if there are a bunch of FTP passwords also leaked.

Hopefully it didn't affect me.

And Adobe... I didn't know that, guess I never even did change my password over there. XD

But I know now which passwords I shouldn't use anymore.


At 000webhost our top priority is to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the Internet together. For millions of people our services are an opportunity to be present on the internet and learn more about technology.

At Hostinger and 000webhost we are committed to protecting user information and our systems. We are sorry and sincerely apologize that we didn't manage to live up to that.

In an effort to protect our users we have temporarily blocked all access to systems affected by this security flaw. We will re-enable access to affected systems after an investigation and once all security issues have been resolved. Our users' sites will stay online and will be fully functional during this investigation. We will fully cooperate with law enforcement authorities once our internal investigation has been completed.

We advise our customers to change their passwords and use different passwords for other services.

We became aware of this issue on the 27th of October and since then our team started to troubleshoot and resolve this issue immediately. We are still working 24/7 in order to identify and eliminate all security flaws. Additionally, we are going to upgrade our systems in the near future. We hope to get the service back to our users soon.

Our other services such as Hosting24 and Hostinger are not affected by this security flaw.

 

Sincerely,

000webhost.com


Oh no, not my adultfriendfinder account, where will I find cool gamer pals now????
